What is the difference between 'self' and 'unsafe-inline' in Content-Security-Policy?

Question

I am trying to understand how Content Security Policies can mitigate XSS-Attacks on Web-Servers. Suppose there is a XSS-vulnerability in an User-Input-Field. It can be used