Site vunerable to XSS Via AJAX

If someone skips our submit question or submit reply functions entirely and knows how to use jquery, it is possible to run an ajax command in the console that submits a question with scripts hidden in it
