Reflected XSS on the data.gov (WAF bypass+ Chrome XSS Auditor bypass+ works in all browsers)

Disclosed: 2017-09-15 13:39:04 By sp1d3rs To gsa_bbp
Severity: Medium

Vulnerability Details
## Description

Hello. I discovered a cross-site scripting issue on the https://www.data.gov/local/ endpoint. The issue can be site-wide and exploitable anywhere pagination exists.

## The Impact and Severity

I assigned High severity because, unlike the last report #263226 (that XSS was exploitable in Firefox only), this XSS works in all browsers (Chrome/IE/Firefox). But, considering that this case requires user interaction (hovering the mouse over the Page 2 link), the severity can be lowered to Medium if you consider so.

## POC (Reflected XSS)

Use this link in Mozilla Firefox, Chrome or IE: https://www.data.gov/local/?&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C;1;%20// and hover the mouse over the Page 2 link. {F217930}

## Suggested fix

Sanitize the URLs in the `<div class="pagination">` block.
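To make the suggested fix concrete, here is an added example (my own code, not data.gov's) that models the bug class: a pagination link that copies the current request's query string into its href. It assumes a `/local/` path and a single-quoted href in the naive version, and uses the query string from the PoC URL above as its sample input; the hardened builder re-serializes the parameters so no attribute metacharacter survives.

```python
import html
from urllib.parse import parse_qsl, urlencode, unquote

# Query string of the report's PoC URL (everything after the '?'),
# used here as the sample input.
POC_QUERY = "&q&zzz%27onmou%3Cseover=1&ale%3Crt(%27xsp%27%3C)%3C;1;%20//"

RAW_METACHARS = ("'", '"', "<", ">")


def naive_page_href(path: str, raw_query: str, page: int) -> str:
    """Vulnerable pattern (assumed model of the bug): the decoded query
    string is spliced into the href verbatim, so a quote in it can end
    the attribute and anything after it lands in the tag."""
    return f"{path}?{unquote(raw_query)}&page={page}"


def safe_page_href(path: str, raw_query: str, page: int) -> str:
    """Hardened pattern: parse the query into pairs, replace the page
    number, and re-serialize with urlencode, which percent-encodes
    every attribute/tag metacharacter (' " < > ( ) ; and space)."""
    params = [(k, v) for k, v in parse_qsl(raw_query, keep_blank_values=True)
              if k != "page"]
    params.append(("page", str(page)))
    return f"{path}?{urlencode(params)}"


def pagination_link(href: str, page: int) -> str:
    """Second layer: escape for the HTML attribute context. With
    quote=True, html.escape turns any surviving quote into an entity."""
    return f'<a href="{html.escape(href, quote=True)}">Page {page}</a>'


def has_raw_metachars(href: str) -> bool:
    """True if the URL still carries characters that can break out of
    an href attribute when rendered unescaped."""
    return any(c in href for c in RAW_METACHARS)


def href_params(href: str) -> dict:
    """Decode the query part of an href back into a dict (round-trip check)."""
    return dict(parse_qsl(href.split("?", 1)[1], keep_blank_values=True))


if __name__ == "__main__":
    for builder in (naive_page_href, safe_page_href):
        href = builder("/local/", POC_QUERY, 2)
        print(builder.__name__, "breakout possible:", has_raw_metachars(href))
        print("  ", pagination_link(href, 2))
```

The round-trip check shows the hardened link still carries every original parameter, so the fix costs nothing functionally.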
Report Stats
  • Report ID: 265528
  • State: Closed
  • Substate: resolved
  • Upvotes: 28