Burp team found a new way to exploit XSS in hidden input fields. The key point is to use accesskey attribute to trigger the onclick event!
<input type=”hidden” accesskey=”X” onclick=”alert(1)”>
Details could be found at http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.htm