Cross-site scripting (XSS) is one of the most common vulnerabilities discovered on web applications. If left unpatched, XSS can expose your application to various security risks. We show you how to find XSS in web applications, and what you can do to prevent it.