Yes, and you can't imagine how many website are vulnerable to this kind of attack and XSS and CSRF as well.
Even if they are well known and have great mitigation techniques.
Follow secure tips like the ones described here and the OWASP documents and you are good to go.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Yes, and you can't imagine how many website are vulnerable to this kind of attack and XSS and CSRF as well.
Even if they are well known and have great mitigation techniques.
Follow secure tips like the ones described here and the OWASP documents and you are good to go.