ย A cross-site scripting (XSS) attack can cause arbitrary code (javascript) to run in a userโs browser while the browser is connected to a trusted web site. The application targets your applicationโs users and not the application itself, but it uses your application as the vehicle for the attack. XSS payload is executed whenever the user views the crafted POST request with XSS Payload in Openfire 4.5.0 Product.