In recent times, the web remains the preferred platform for users to carry out their business activities. The migration of applications to the web has been rapid, ranging from e-commerce, public forums, e-governance, e-banking and shopping portals to any other application running on the web. Web applications have seen increased usage because they are easily accessible to users around the world. But as the usage of the web has increased, it has also brought out an undesirable or dark side to the usage of HTML. Cross-site scripting (XSS) attacks have remained the topmost threat to web apps, databases and websites around the world for a considerable amount of time now. A survey of about 15 million cyber attacks in the third quarter of 2012 revealed that most of these attacks are XSS based. Although attacks like SQL injection, CSRF and phishing are also common, XSS still remains the preferred technique for hackers to carry out malicious activities on the web. This paper discusses XSS attacks, their operation and the different categories of XSS attacks. The paper also highlights the mitigation scenario and the techniques possible for prevention.