To better understand why an interviewer would ask a question about an XXS script, let's examine what it is, and how you might be positioned to best answer this question. XSS, also known as Cross Site Scripting is a script that is used to attack a network or system with a malicious virus. There are two versions of this script, the first one is a stored XSS, and the other is a reflected XSS. The stored XSS is an attack that permanently injects a script on a server or database that allows the attacker to access confidential information. The reflected XSS is similar in that it also injects a malicious script into a web server or email in the form of an error. The attacker can then access confidential information after an unsuspecting victim clicks or opens up that link.

The reason the interviewer is asking this question is to see how familiar you are with XSS scripts. Many organizations make it a policy to train their employees on how to spot malicious or harmful viruses that come in the form of an email or web browser errors. Your answer to this question should address your level of expertise in this area, and what you have done to combat these attacks in the past. Mentioning that you were a part of a training program that educated employees on how to spot malicious emails and fake links will help give the interviewer a higher level of confidence in your technical abilities in this area. It also doesn't hurt if you mention some before and after improvements of how the company is doing as a result of your training initiative. This will also show that you are pro-active as well.