Is this a type of XSS attack?

Çağlar Arlı - 5 Views

I have been exploring customer support in a website as part of bug bounty program.

I then started a chat with their customer support and pasted the following in the box:

<!--<img src="--><img src=x onerror=javascript:alert(1)//">

Without sending the message. Immediately, I got an alert in the browser.

Is this considered a threat? and how it is possible to impact?

Annanowa