More than 6 Brazil govt websites vulnerable to stored XSS


People mainly known as 9Lulz and Asor Hack Team have hacked many government websites, and they might still be hacking “.gov.br” websites now. If you visit any website hacked by them, an alert message appears saying “HACKED BY: 9Lulz”, or you are redirected to a pagebin.com link. All the links and screenshots are shown below.

[Screenshots of the hacked websites]

These people are targeting only .gov.br addresses, that is, websites of Brazil’s government. Whenever they redirect you, different music starts playing for different websites.

Here are the links to the hacked websites:
http://www.saaedecasimiro.rj.gov.br/
http://www.camaradeguaratinga.ba.gov.br/
http://www.tiete.sp.gov.br/
http://www.cmsaopedrodoivai.pr.gov.br/
http://www.astorga.pr.gov.br/site
http://www.jandaiadosul.pr.gov.br/

We cannot say that these groups have hacked those websites completely and can now deface them. They just found a way to perform a stored XSS attack in the comment system, or somewhere else. The injected content might be shown on the homepage, so the code gets executed each time someone opens the website.

Only Brazilian websites were hacked, so it is clear that all of these websites use about the same code and are equally vulnerable. As you already saw, more than 6 Brazilian government websites were hacked.
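The stored XSS pattern described above, shown as an added example that is not code from the original post or from the affected sites (their code is unknown). The function names and the sample comment rows are constructed assumptions; the block contrasts rendering stored comments as raw markup with encoding them at output time, and adds a small audit over stored rows to locate injected records.

```javascript
// Added example: hypothetical comment renderer; all data below is constructed.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored text is concatenated into the page as markup,
// so a stored <script> runs for every visitor who loads the page.
function renderCommentUnsafe(c) {
  return `<li><b>${c.author}</b>: ${c.body}</li>`;
}

// Hardened pattern: both stored fields are encoded when written into HTML.
function renderCommentSafe(c) {
  return `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`;
}

// Audit helper: flag stored rows that contain script-capable markup so that
// injected records can be found and cleaned up. A heuristic, not a filter:
// output encoding above is what actually prevents execution.
const SUSPICIOUS = /<\s*(script|iframe|object|embed|svg|meta)\b|\bon\w+\s*=|javascript\s*:/i;
function findSuspiciousComments(comments) {
  return comments
    .filter((c) => SUSPICIOUS.test(c.author) || SUSPICIOUS.test(c.body))
    .map((c) => c.id);
}

// Constructed sample rows, as they might sit in a comments table.
const storedComments = [
  { id: 1, author: "Maria", body: "Great news about the new road & bridge." },
  { id: 2, author: "visitor", body: '<script>alert("HACKED BY: 9Lulz")</script>' },
  { id: 3, author: "Joao", body: "The budget item is 3 < 5 percent." },
];

function renderPage(comments, render) {
  return `<ul>${comments.map(render).join("")}</ul>`;
}

console.log(renderPage(storedComments, renderCommentSafe));
console.log("rows to review:", findSuspiciousComments(storedComments));
```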
Reviewed by Unknown on 4/05/2015 Rating: 5
