There are two ways for users to become infected by XSS attacks.
1) . Users may be either tricked into clicking on a specially crafted link (called a Non-Persistent
2). User unknowingly visiting a web page embedded with malicious code (also called as a
Persistent Attack). It’s also important to note that a user’s web browser or computer does
not have to be susceptible to any well-known vulnerability.
This means that no amount of patching will help users, and we become solely dependent on a website’s security procedures for online safety.