With the increased use of the internet, web applications and websites are becoming more and more common. With the increased use, cyber-attacks on web applications and websites are also increasing. Of all the different types of cyber-attacks on web applications and websites, XSS (Cross-Site Scripting) attacks are one of the most common forms of attack. XSS attacks are a major problem in web security and ranked as number two web application security risks in the OWASP (Open Web Application Security Project) Top 10. Traditional methods of defence against XSS attacks include hardware and software-based web application firewalls, most of which are rule and signature-based. Rule-based and signature-based web application firewalls can be bypassed by obfuscating the attack payloads. As such, rule-based and signature-based web application firewalls are not effective against detecting XSS attacks for payloads designed to bypass web application firewalls. This paper aims to use machine learning to detect XSS attacks using various ML (machine learning) algorithms and to compare the performance of the algorithms in detecting XSS attacks in web applications and websites.