Not all cross-site scripting vulnerabilities can be exploited easily; some need a vulnerability chain. Take a self-XSS that only executes in your own profile: here is how Whitton used minor OAuth flaws to exploit a cross-site scripting in Uber: https://whitton.io/articles/uber-turning-self-xss-into-good-xss/ How about an XSS that needs a lot of user interaction?
This is how Sasi used a clickjacking vulnerability to successfully exploit an XSS in Google. What about a cross-site scripting that needs an arbitrary cookie?
Untrusted data enters a web application, typically from a web request. The web application dynamically generates a web page that contains this untrusted data. During page generation, the application does not prevent the data from containing content that is executable by a web browser, such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc. A victim visits the generated web page through a web browser; the page contains malicious script that was injected using the untrusted data. Since the script comes from a web page that was sent by the web server, the victim's web browser executes the malicious script in the context of the web server's domain. This effectively violates the intention of the web browser's same-origin policy, which states that scripts in one domain should not be able to access

In a reflected XSS attack, the attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
Luckily, in the next 5 minutes we found an endpoint where the application takes a user input and throws it directly into Set-Cookie response headers.

If one of these users executes malicious content, the attacker may be able to perform privileged operations on behalf of the user or gain access to sensitive data belonging to the user. For example, the attacker might inject XSS into a log message, which might not be

Type 0: DOM-Based XSS. In DOM-based XSS, the client performs the injection of XSS into the page; in the other types, the server performs the injection.

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS. If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true), then the tool marks the page as vulnerable to the given XSS. The tool does not attempt to compromise the security of the given system.