Cross Site Scripting (XSS) are attacks on web services over the Hypertext Transfer Protocol(HTTP).
XSS attacks exploit an XSS hole in the input of user data. Such an XSS hole occurs when an application sends user data to a web browser without first verifying the content or encrypting it. The user input is notverified and reaches the browser unfiltered.
With the XSS attacks, hackers can execute compromising scripts in the attacked person's browser and use it to initiate attacks using phishing or malware. Any scripting language supported in browsers is vulnerable to these attacks. Protection against cross-site scripting can be achieved if all incoming data is checked against a validation list, a whitelist.