Nah; most of the XSS possibilities I’ve seen are well-plugged (I’ve helped sort a couple of them). This exploit, which I believe is still open, is a fault in the interpretation of “private” by some parts of their codebase.

For a quick start, go to a public by somebody using the basic template and use the “forward” or “back” arrows to skip to a later or earlier post (of course, this can be done again with well-crafted URLs and, ideally, a script – I knocked up a quick Ruby one to help) until you find one which you don’t have access to. Then, use the “add to memories” function (you’ll have to have remembered the way these URLs work, too), and check your memories to get the title of the post.

If you want more, there’s a little more exploration to do. Hopefully LJ will fix it soon.