Cross-site Scripting (XSS) is the most prevalent web application security flaw. It occurs when user-supplied data is sent to the browser without being properly validated or escaped. XSS flaws can allow an attacker to:
- Deface web pages (examples: http://xssed.com, http://www.alpacahack.com/)
- Steal session cookies so attackers can impersonate victims without having to steal passwords
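
The flaw and its two standard mitigations, as an added example that is not part of the original page: output escaping for the "without escaping" case, and an `HttpOnly` session cookie for the cookie-theft case. All function names and the sample input are constructed for illustration.

```javascript
// Added example; escapeHtml, renderCommentUnsafe, renderCommentSafe and
// sessionCookie are hypothetical names, not from any particular framework.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Escape the five characters that are significant in HTML text and in
// quoted attribute values. A single pass avoids double-escaping '&'.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user-supplied data is concatenated into markup unchanged,
// so any tags it contains are parsed by the browser as part of the page.
function renderCommentUnsafe(author, text) {
  return '<p class="comment"><b>' + author + '</b>: ' + text + '</p>';
}

// Hardened: every user-supplied value is escaped at the point of output.
function renderCommentSafe(author, text) {
  return '<p class="comment"><b>' + escapeHtml(author) + '</b>: ' +
         escapeHtml(text) + '</p>';
}

// Defence in depth for the cookie-theft case: HttpOnly keeps the cookie
// out of reach of page script, Secure restricts it to HTTPS.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input standing in for untrusted form data.
const sample = '<script>alert(1)</script>';
console.log(renderCommentUnsafe('guest', sample)); // markup reaches the page intact
console.log(renderCommentSafe('guest', sample));   // markup is shown as inert text
console.log('Set-Cookie: ' + sessionCookie('sid', 'abc 123'));
```

This escaping is correct only for HTML element content and quoted attribute values; data placed inside script blocks, URLs or CSS needs encoding specific to that context.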