XSS-based attacks are not new, but the rise of social media adds a new wrinkle to these sorts of vulnerabilities. The most common XSS attack method uses e-mail: A criminal appends special characters, such as those of a foreign language, to an ordinary URL. Site designers have to lock down their sites to prevent XSS exploits. Users have two ways to avoid XSS attacks: ignore links from one site to another, and disable scripting languages within your browser.”]
Source: https://www.csoonline.com/article/2125248/cross-site-scripting–an-old-problem-returns.html