This document provides an introduction and overview of cross-site scripting (XSS) attacks. It discusses the impact of XSS, the different types (non-persistent, persistent, DOM-based), how XSS works by injecting client-side code through web requests, and includes demos. The document concludes with recommendations for preventing XSS, including validating and encoding input and output to avoid injecting malicious scripts.