json xss scenariojson requestsite.com/json.php?param=<xss can go here>

1. json xss scenario
2.  
3. json request
4. site.com/json.php?param=<xss can go here>
5.  
6. html page
7. script
8. json_url = site.com/json.php?param=shop
9. json = get_json(json_url)
10. parse_json (json)
11.  
12. I can't modify the json_url in the page as it is hardcoded. The html page has no XSS to manipulate the json_url once page is loaded. If I could I would have it request
13.  
14. site.com/json.php?param=<dom xss>
15.  
16. and that would be easy XSS.