Journal of Cybersecurity and Information Management JCIM 2690-6775 2769-7851 10.54216/JCIM https://www.americaspg.com/journals/show/4057 2019 2019 Department of Computer Science, College of Science, University of Diyala, Baqubah, Iraq; University of Information Technology and Communication, Baghdad, Iraq Ali Ali Department of Computer Science, College of Science, University of Diyala, Baqubah, Iraq Ziyad Tariq Mustafa Al-Ta Al-Ta'i The dramatically increasing use of web applications and the rapid development of cloud services and interactive websites that provide integrated online services, relying on user data entry and server response, have been the primary drivers of the increase in cyber-attacks and threats, most notably cross-site scripting (XSS). Cross-site scripting attacks exploit available security vulnerabilities to inject malicious code, leading to numerous risks such as malware distribution, session hijacking, and data theft. Most traditional defense methods, such as input validation and output encoding, are reasonably ineffective against advanced threats. The advances in machine learning and artificial intelligence models have provided more accurate detection and prevention capabilities for these threats with significant accuracy. This study reviews the types and mechanisms of XSS attacks, existing mitigation techniques, and detection methods based on machine and deep learning. It also highlights several previous studies and related work on detecting and preventing these attacks, compares these works' performance using evaluation metrics and several aspects, identifies research gaps, and outlines future directions for improving XSS detection methods. 2026 2026 135 145 10.54216/JCIM.170210 https://www.americaspg.com/articleinfo/2/show/4057