This document summarizes a lightning talk on cross-site scripting (XSS) attacks. It defines XSS as the injection of malicious JavaScript onto a website with the intent of client-side execution. There are three main types of XSS attacks: reflected, persistent, and DOM-based. The talk focuses on persistent XSS attacks. It provides examples of how XSS could be used to scan local networks, steal user sessions through cookie theft, and gain complete control of the vulnerable webpage. The document concludes by recommending tools and resources for learning more about conducting white hat XSS testing.