XSS is something every website should be aware of – test for it, because the bad hackers do.
Netsparker is a good site to explain some of the potential attacks.
The effect of XSS is to use the website to extract information, and even bypass the defenses of the server.
In some cases if the vulnerability is capable it will take control of he machine by creating a shell command line for the hacker.
Once the hacker has a command a shell line on the server, they can copy the password files, and then the hack goes to the next level of attack.
It goes on from there – until the hacker gets full control. Whatever you have is the hackers.