Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example it could copy user cookies and then send those cookies to the attacker.

This is a controversial demo video by Brial Contos, CISSP from  IMPERVA. It takes you through each and every step involved to find xss/css vulnerability in a webpage and showcases some of the basic steps that you need to know.

]