Cross-site scripting, also known as XSS is common attack vector that attacker injects malware into legitimate website or web application. XSS does not directly target the application. Instead, an attacker would exploit vulnerability within a website or web application that victim would visit using vulnerable website to deliver malware the victim’s browser. An attacker injects malware into client side script such as JavaScript into web application’s output. Mostly, there are many injection points in website such as search fields, feedback and cookies. The most common purpose of XSS attack is to collect cookie data such as session IDs, user or login information. A successful cross site scripting attack can lead intense consequences for business‘s reputation and relationship with its customers. AIONCLOUD is web security service used for protection from web attack including cross-site scripting. In case of XSS, AIONCLOUD filters to identify and block malicious request based on signature. AIONCLOUD regularly updates the security rule set with signatures of latest attack vectors. Our technology collects attack information to protect user networks against latest threats.