Cross-Site Scripting (XSS) is the most common web application vulnerability. Many people still underestimate the impact of XSS vulnerabilities and their consequences. XSS is only exploitable if the attacker can trick a user into opening a malicious link to trigger the vulnerability. The vulnerability can be exploited by making the victim visit any page of any website where an XSS exploit can be placed. Over 90% of vulnerabilities are exploited in a manner that can be used to deliver malware to infect users with malware. The vulnerabilities are often live for a long time before being identified or patched.”]
Source: https://informationsecuritybuzz.com/articles/xss-still-easiest-way-hack-website-2014/