What Does Cross Site Scripting (XSS) Mean?
Techopedia Explains Cross Site Scripting (XSS)
When an XSS vulnerability is successfully exploited, the server application can be seriously exposed to major risks. For instance, users can be duped into executing malicious scripts when viewing dynamically generated pages. Another possibility involves an attacker taking over a user session before its corresponding session cookie expires. In yet another case, innocent users can be connected to a malicious server.
In practically all scenarios, a victim’s system is attacked by using the victim’s privileges themselves. The attacks can then evolve into account hijacking, cookie theft, false advertising and modifications in the user settings of the victim’s account.
One way of mitigating the risks of XSS exploits is by turning off active scripting in browsers. Unfortunately, this also takes away a browser’s capability to execute dynamic websites and isn't a realistic solution for most users.