Cross site scripting is done by the using of known vulnerabilities like web based on applications, their servers or plug-ins users rely upon. Exploiting one of these by inserting malicious coding into the link which appears to be an trustworthy source. When users click on this link of malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing the attacker to steal information.
There are three types of Cross-site scripting:
Non-persistent
Persistent
Server side versus DOM based vulnerabilities