Facebook’s Translations tool allows users to perform phrase searches within translations. An attacker could have used it to access or change information on people’s accounts. Lesser-used portions of the site are often the most vulnerable since they’re not updated as often or tested as frequently. Despite Facebook’s claims that they’ve eliminated XSS vulnerabilities, it’s clear that some portions of the site are better protected than others. I want to thank Facebook for responding to my report and fixing the vulnerability in a timely manner.
Source: https://thehackernews.com/2011/03/xss-vulnerability-in-facebook.html