Imagine viewing the same chat logs, while logged in an admin interface, then it isn't self-XSS anymore.
Indeed, it appears that the limited scope meant the juicy stuff could not be tested. Like exfiltrating other users' data.
alt Hacker News
Indeed, it appears that the limited scope meant the juicy stuff could not be tested. Like exfiltrating other users' data.