Cross-site scripting (XSS), which occurs when cybercriminals insert malicious code into webpages to steal data or facilitate phishing scams, has been around almost since the dawn of the web itself. Although it is an older exploit, it still appears frequently enough to land on the OWASP Top 10 list. It has even affected modern websites run by the FBI, the Obama administration, eBay and others. And last year, an ethical hacker breached a Dutch government website within a few days of its launch using a clientside XSS vulnerability.
Read more here.