In the world of technology which is constantly growing and improving comes with increased risks and security vulnerabilities that those with malicious intent seek to take advantage. Cross-Site Scripting (XSS) is one such method which is primarily used in web-applications to allow the attacker to inject client-side scripts onto web pages. This type of attack is called code injection. Unsuspecting users then view these web pages which then give the attacker a means of bypassing authorization for access controls. One such access control is the same-origin policy which follows that a script running on a web page is allowed to run on the same web page only if they are both of the same origin (URI scheme, hostname, and port number). Typically, this would prevent a malicious script from one web page to go to another web page and access sensitive data and information; however, XSS bypasses this by taking advantage of security flaws in web applications' servers or plug-in systems. Once the attacker has successfully taken advantage of one of these vulnerabilities and compromised the site, unsuspecting victims have basically granted the script the same level of permissions they would have given to the site, such as access to cookies. This would then allow the attacker to view any sensitive information a user might be inputting onto the site ranging from passwords to credit card information. The website's page content, session cookies, and browser-maintained information would all be accessible by the attacker at this point.