From the CVSSv2 specification:
SCORING TIP #2: When scoring a vulnerability, consider the direct impact to the target host only. For example, consider a cross-site scripting vulnerability: the impact to a user's system could be much greater than the impact to the target host. However, this is an indirect impact. Cross-site scripting vulnerabilities should be scored with no impact to confidentiality or availability, and partial impact to integrity. (CVSSv2 spec)
This is also how I have seen XSS be scored in practice.
But even if we only consider the impact on the host, an attacker could use a JavaScript payload that reads out sensitive information from the affected web application (if the victim is currently logged in, of course, and if such sensitive information exists).
So why isn't confidentiality rated as low? Is this an indirect impact? And if so, why (and why isn't the integrity impact indirect then)? And for that matter, why isn't there an availability impact? Couldn't an attacker bypass CSRF protection and thus possibly (depending on the application, of course) delete important data or change settings to make the application unavailable?
Related: Why is XSS scored with partial impact to integrity in CVSS V2?
I know this has been changed in CVSSv3 (because now the browser is considered instead of the host).