XSS payload for XMLHttpRequest()


The source code says as below:

<script>        function doSearch(item) {                           url = 'https://api.mywebsite.com/search'         var xmlHttp = new XMLHttpRequest();         xmlHttp.onreadystatechange = function() {            if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {             response = JSON.parse(xmlHttp.responseText);             populateTable(response);           }           else if (xmlHttp.readyState == 4 && xmlHttp.status != 200) {             console.log(xmlHttp.responseText);           }         }         xmlHttp.open('POST', url, true);          xmlHttp.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');         xmlHttp.setRequestHeader('Accept', 'application/json');         data = {'searchTerm':item}         xmlHttp.send(JSON.stringify(data));                }              var mockResponse = {         "response" :           [             {               "breed" : "german sheperd",               "intelligence" : 3             },             {               "breed" : "labrador retriever",               "intelligence" : 7             }           ]       }              function populateTable(response) {                  document.getElementById('theTable').innerHTML = '';                  responseData = response['response'];                  for (i = 0; i < responseData.length; i++) {           tr = document.createElement('tr');           td1 = document.createElement('td');           td1.setAttribute('class', 'column1');           td1.innerText = responseData[i]['breed'];           tr.appendChild(td1);           td2 = document.createElement('td');           td2.setAttribute('class', 'column2');           td2.innerText = responseData[i]['intelligence'];           tr.appendChild(td2);           document.getElementById('theTable').appendChild(tr);         }                  }        </script> 

Any way I can achieve XSS with a pop up??