As the follow-on of my successful HelloInjection presentation last year I would like to present the second most important type of web-based vulnerabilities, which is not other than Cross Site Scripting. As a member of the Hungarian faculty of OWASP I think this task is inevitable for us. In my presentation I will show the types of XSS attacks in detail, then I will provide an example for each of them, which the participants of the workshop can also perform. Besides these basic intrusions I would also like to draw attention to the possibility of a more exotic type of attacks, such as XSS code from the header or the vulnerailities of the new controls and elements introduced with HTML5, i.e. how can the data stored in localstorage be read, modified, etc. Certainly, after each chapter I will call the participants’ attention to the methods these types of vulnerabilities can be warded off in their applications.