The software does not neutralize or incorrectly neutralizes
					user-controllable input before it is placed in output that is used as a web page
					that is served to other users.Cross-site scripting (XSS) vulnerabilities occur when:There are three main kinds of XSS:Once the malicious script is injected, the attacker can perform a variety
						of malicious activities. The attacker could transfer private information,
						such as cookies that may include session information, from the victim's
						machine to the attacker. The attacker could send malicious requests to a web
						site on behalf of the victim, which could be especially dangerous to the
						site if the victim has administrator privileges to manage that site.
						Phishing attacks could be used to emulate trusted web sites and trick the
						victim into entering a password, allowing the attacker to compromise the
						victim's account on that web site. Finally, the script could exploit a
						vulnerability in the web browser itself possibly taking over the victim's
						machine, sometimes referred to as "drive-by hacking."In many cases, the attack can be launched without the victim even being
						aware of it. Even with careful users, attackers frequently use a variety of
						methods to encode the malicious portion of the attack, such as URL encoding
						or Unicode, so the request looks less suspicious.