There Basically 2 Reasons For Occurring The XSS :-
(1) Function Method GET
(2) Open Tag In The Sccript
(1) Function Method GET :- The HTML specifications technically define the difference between "GET" and "POST" so that former means that form data is to be encoded (by a browser) into a URL while the latter means that the form data is to appear within a message body. But the specifications also give the usage recommendation that the"GET" method should be used when the form processing is "idempotent", and in those cases only. As a simplification, we might say that "GET" is basically for just getting (retrieving) data whereas "POST"may involve anything, like storing or updating data, or ordering a product, or sending E-mail.
So If There is any difficulty in defining or the writing in the code of this GET method,It invites the XSS/CSS ( Cross Site Scripting )
(2) Open Tag In The Sccript :- To understand this lets take and example guys.You all know HTML coding.I am here typing the cod of the HTML for simple text displaying on the webpage.
Code :- <html>
<title>XSS Vulnerability Information </title>
<body>Hi Guys This is chintan this document is made by me.</body>
Guys this is the simple code of the displaying text with the title page and the heading.
Technical Falult :- Suppose any web developer forgets to closing any tag then it occurs the XSS vulnerability.
SUPPOSE HERE I FORGET TO CLOSE THE TITLE,HEAD OR THE BOYS IT SIMPLY MEANS THAT THE TAG IS OPEN SO THAT IF ANY USER GIVES ANY COMMAND OR THE SCRIPT IT WILL RUN IN THIS BECAUSE THE TAG IS OPEN AND IT ALLOWS ALL THE SCRIPT FROM USER THROUGH BROWSER.SO ANY SCRIPT CAN BE RUN IN THIS INPUT BY USER.
How to Prevent This Vulnerability ??
(1) In first case change that all GET method to POST methods.
(2) In second case check with tag is remained open by the web developer and try to close it.