Did you responsibly disclose the vulnerability to the site owner? Or did you first publish this report publicly?
This question still matter's as it's not good look or practice at testing vulnerability on such website's without the owner's knowledge.
You should have atleast notified OgNasty before injecting any scripts.