
On https://ais.osym.gov.tr/ I saw an XSS-vulnerable input. I tried some payloads without malicious intent, which only contained alerts or console logs. The code img \x00src=x onerror=alert(1) worked.

Now the problem is that whenever I try to remove it, I get this JSON parse error:

I guess they are just aborting the request. This is the only vulnerable/unsanitized input on this site. How do I remove it other than by contacting the admins?

I know this is a government site; I am trying to avoid damage and report if there is an issue.

PasWei
Krysslk

0 Answers