The things that we can learn from this report are the following:

• Bypassing XSS filters does not have to be complex or difficult as long as the attacker is creative in what they do
• Encoding XSS payloads help in bypassing many filters so it is always advised to experiment with your scenarios in order to move forward with it
• In this report, just a brief experimentation with the /characters made the hacker $5,000; similarly, it is advised to experiment with your own scenarios