With the global trend of internet, many companies set up websites for international recognition and marketing. However, the hackers and potential attackers lurk on internet. More and more web attack methods have invented and threat these vulnerable websites. Recently, the "Code Injection" has become the major problem, such as SQL Injection, ASP Injection, PHP Injection and XSS (Cross Site Scripting) attack. The victims include the biggest Blog "Wrench" in Taiwan and the largest friend's community website "My Space" in the world. In this paper, we will analyze the XSS attack and propose a scheme to collect evidence on network systems after XSS attack. We also propose our management strategy against XSS attack.