The risks XSS represents
The risk of XSS is that the malicious code is usually injected directly into the vulnerable app, not served from a redirect site that the user might watch out for. It can be used to steal your session, take screenshots, activate a keylogger, etc.
An even more dangerous type of XSS vulnerability is persistent XSS. With persistent XSS you don’t even have to click on a link to execute the code – you just browse to some page on a site you trust.
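The persistent case described above, as an added example that is not part of the original page: a stored comment rendered without and with output encoding, plus response headers that limit the session-theft risk. The in-memory store, the function names and the cookie name `sid` are assumptions made for illustration.

```javascript
// Added example: a constructed in-memory comment store standing in for a database.
const comments = []; // every visitor of the page is served these entries

function postComment(author, body) {
  comments.push({ author, body });
}

// Vulnerable: stored text is concatenated into HTML as-is, so markup in a
// comment becomes part of the page for every later visitor.
function renderUnsafe() {
  return comments.map(c => `<li><b>${c.author}</b>: ${c.body}</li>`).join("\n");
}

// HTML-encode the five characters that can change the HTML parsing context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// Hardened: encode on output so stored text is displayed, never parsed as markup.
function renderSafe() {
  return comments
    .map(c => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Defense in depth for the session-theft risk: HttpOnly keeps the cookie out of
// reach of page script, and a CSP without 'unsafe-inline' blocks inline <script>.
function responseHeaders(sessionId) {
  return {
    "Set-Cookie": `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  };
}

// Constructed sample input: one ordinary comment and one containing markup.
postComment("alice", "Nice article & thanks!");
postComment("mallory", "<script>alert(1)</script>");

console.log(renderUnsafe());
console.log(renderSafe());
console.log(responseHeaders("EXAMPLE-SESSION-ID"));
```

Output encoding is the primary fix; the cookie flags and the policy only reduce what a missed injection point can do.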