At the core of a traditional XSS attack lies a vulnerable script in the vulnerable site.

Within the hacker community there's always been a certain amount of disdain for 'script kiddies' — people who don't really understand the systems they attack but use off-the-shelf tools.

When an attacker introduces a malicious script to a dynamic form submitted by the user, a cross-site scripting (XSS) attack then occurs.