A well-presented video tutorial from the OWASP team explains in simple terms how one form of XSS - cross site scripting - works.
XSS is a bit tricky to explain. The video makes good use of graphics to put the message across, without getting too technical.
If you are a web developer, you should be well aware of XSS, in sufficient depth to know how to prevent this form of attack on visitors to your websites. The tutorial barely hints at the technical controls needed but future editions will go into more depth. Meanwhile, the excellent OWASP site includes lots more information and even some code snippets to give you a head start on securing your site.