Here’s an informative video and accompanying article by the folks at Acunetix showing the exploitation of XSS on Facebook. It demonstrates how XSS can not only be made into a serious flaw but also how it’s carried out in the background without the user ever knowing about it.