The web is rapidly developing, however common web applications still have problems. One of which is XSS (Cross-Site scripting), which took 7th place in OWASP-10 in 2017. We’ll talk about the vulnerability itself, exploitation methods and how to be protected from it.