Tuesday, March 13, 2007

XSS on Aon.At

I recently discovered an XSS security hole on my ISP's website, aon.at. It can be used to mount a "type 1" (reflected) XSS attack against their search engine: POC. My email explaining the exposure was received in a friendly way by their support:

Thank you for informing us directly. After we have checked your link and/or input data ourselves, we totally agree with the existence of this issue. We have redirected this issue to our local administration. We will try to react to it as fast as possible.
Good work guys, and good luck.
P.S.: @Aon Support: Please stop writing HTML emails. My spine shivers at the thought that YOU guys send out HTML emails. ;-) Just kidding!
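As an added illustration of the bug class in this post (a search page that reflects the `q` parameter into its HTML), here is a constructed example that is neither the author's POC nor aon.at's code: a vulnerable renderer next to the escaped one, with a check a defender can run. The URL, parameter name and query value are all assumptions made up for the example.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample request: the kind of URL a search form submits.
# The markup inside q is the standard reflected-XSS probe, built here for the test only.
SAMPLE_URL = "https://example.invalid/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def query_from_url(url: str) -> str:
    """Pull the q parameter out of the request the way a search endpoint would."""
    return parse_qs(urlparse(url).query).get("q", [""])[0]


def render_vulnerable(query: str) -> str:
    """Echoes the raw query into the page: any markup in q becomes live HTML."""
    return f"<p>Results for: {query}</p>"


def render_safe(query: str) -> str:
    """Same page, but the query is HTML-escaped before landing in an HTML text node."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def reflects_markup(page: str, query: str) -> bool:
    """Defender's check: does the untrusted input survive unescaped in the output?"""
    return "<" in query and query in page


if __name__ == "__main__":
    q = query_from_url(SAMPLE_URL)
    for name, page in (("vulnerable", render_vulnerable(q)), ("safe", render_safe(q))):
        print(f"{name}: reflected={reflects_markup(page, q)}  {page}")
```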
