I wanted to know how cross site scripting works.
what are its hazards?
and How to resolve it?
It's best to Google questions like this, to save us all typing what's already been typed.
Feel free to ask follow-up questions once you've done your initial research.