
Each of the screenshots shows the XSS vulnerability in action. I.e., all of the alert/confirm pop-ups you see on the screenshot are not supposed to be there; they've been injected through an XSS vulnerability.

The assumption is if you can cause an alert to display, you can (probably) run AJAX requests and actually get some data/do some damage.




Thanks for the explanation



