First of all, what is Cross-Site Scripting (XSS)? XSS is when JavaScript code is run by a client on a website in an unauthorized manner via a textbox or other method. For example:
Notice how the text hello is rendered onto the screen. Now try using the textbox to render some HTML code. You will notice that this also renders to the screen.
Now try typing <script>alert("Hello");</script>
What happens? (reply to this thread with the answer)
While it may be a bit funny to write bold text to the page and run alerts in JavaScript, hackers can write code that can give them access to your account (if you had an account and were signed in on the given website).
Not convinced? Check out this demo where I use JavaScript to “hack” myself:
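Separately from the demo mentioned above, here is an added example (not part of the original post) of why a textbox that echoes its input behaves this way, next to the escaped version that displays the same input as plain text. The function names and the `output` element id are assumptions made for illustration.

```javascript
// Constructed example: models a page that echoes textbox input into its HTML.

// Vulnerable: user input is concatenated into markup unchanged, so any tags
// in it become part of the page (the behaviour described in the post).
function renderUnsafe(input) {
  return '<div id="output">' + input + '</div>';
}

// Characters that let text break out of a text or attribute context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Replace each special character with its HTML entity.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: input is escaped first, so the browser displays it as text.
function renderSafe(input) {
  return '<div id="output">' + escapeHtml(input) + '</div>';
}

// Check used below: does the rendered markup contain a live <script> tag?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample inputs: the three things the post asks you to type.
const samples = ['hello', '<b>bold</b>', '<script>alert("Hello");</script>'];
for (const s of samples) {
  console.log('input :', s);
  console.log('unsafe:', renderUnsafe(s), '| live script:', containsScriptTag(renderUnsafe(s)));
  console.log('safe  :', renderSafe(s), '| live script:', containsScriptTag(renderSafe(s)));
}
```

In a real page the same split is assigning user input to `element.innerHTML` (parsed as markup) versus `element.textContent` (always shown as text).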