What is Cross Site Scripting (XSS)?
If an XSS vulnerability is successfully exploited, the server application could be at serious risk. For example, while viewing dynamically generated pages, users can be tricked into executing malicious scripts. Another possibility is for an attacker to take over a user session before the corresponding session cookie expires. In another case, innocent users can be connected to a malicious server.
In virtually all scenarios, a victim's system is attacked using the victim's own privileges. The attacks can then lead to account hijacking, cookie theft, false advertising and changes in the user settings of the victim account.
One way to mitigate the risks of XSS exploits is to disable active scripting in browsers. Unfortunately, this also means that the browser can no longer run dynamic websites, so it is not a realistic solution for most users.