Jeff Channell is a web guy who I've seen time and time again volunteer his time on the Joomla security forum. He has found several Joomla extensions with XSS Vulnerabity exploits. He was kind enough to answer some questions about what it is and how Joomla site managers can best defend against it: