XSS is a type of attack in computer security mainly found in web applications that enables attackers to run some script in your web browsers. In other words cross-site scripting occurs when an attacker sends a malicious code through a web page in the form of client side script to a different end user .The end user has no way that whether the script is from trusted source or not and hence he can execute the malicious script which can access its authentication cookies , session tokens, or other sensitive information retained by his browser .
An attacker can attack computer security by Cross-side scripting at the time when input is taken from user in a Web applications .It then include it in Web pages without first properly validating the data. XSS attacks allow an attacker to execute arbitrary commands and display arbitrary content in a victim user's browser and helps attacker controlling the victims browser or account on the vulnerable Web application. XSS is enabled by vulnerable pages in a Web application but its victims are the application's users, not the application itself. The power of an XSS vulnerability lies in the fact that the malicious code executes in the context of the victim's session and allows the attacker to bypass normal security restrictions.