XSS Cross Site Scripting: Dynamic websites suffer from a threat that static websites don’t, called “Cross Site Scripting” (or XSS). Attackers canl inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable web sites and force a webpage to link to a location.