How does Cross Site Scripting (XSS) work exactly? [closed]

Though I am no expert in XSS, I do know some of the ways someone can abuse these techniques.

For example, I was once pointed to the fact that visitors were able to execute JavaScript via the search field of a website, because the input of the search field didn’t get stripped of its HTML tags (like the example above actually does). This way, people were able to get valuable information about the server, by executing certain scripts via the search field.

As I said, I am no expert, so I don’t know what can actually be achieved through XSS. I do know you’re better off securing your website from the risk of finding out.

Apart from that, Google is your best friend.

I hope this was helpful. Good luck!
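The search-field case described in the answer above, as an added example that is not part of the original post: a page that echoes the query back into its HTML, first unescaped and then with output escaping (used here instead of tag stripping). The function names and the sample query are constructed for illustration.

```javascript
// Added example: a search results page that reflects the visitor's query.
// All names and the sample query below are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query is concatenated into the markup as-is, so any tags
// in it become part of the page and the browser runs them.
function renderSearchUnsafe(query) {
  return `<form><input name="q" value="${query}"></form>\n` +
         `<p>Results for: ${query}</p>`;
}

// Hardened: the query is escaped at the point of output, in both the
// attribute and the text context, so it is displayed rather than parsed.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<form><input name="q" value="${q}"></form>\n` +
         `<p>Results for: ${q}</p>`;
}

// Regression check for a test suite: a query containing markup characters
// must never appear verbatim in the rendered page.
function reflectsMarkup(html, query) {
  return /[<>"']/.test(query) && html.includes(query);
}

// Constructed sample input: closes the value attribute, then adds a tag.
const sampleQuery = '"><script>alert(1)</script>';

console.log('unsafe page reflects markup:',
  reflectsMarkup(renderSearchUnsafe(sampleQuery), sampleQuery));
console.log('safe page reflects markup:  ',
  reflectsMarkup(renderSearchSafe(sampleQuery), sampleQuery));
console.log(renderSearchSafe(sampleQuery));
```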