Maybe you must try the injection using your cookie, type the injection in the content of the cookie, but if that doesn't work then the site is not entirely vulnerable to javascript injections. The creator of the site could have patched it when he created it. Is the persons account yourt trying to hack on the same network as you?