I expect good software developers to report all buffer overflows that they fix, regardless of whether or not they know of any active exploits. So yes, I expect good website admins to do the same with XSS.