Cross site scripting is a programming issue that requires significant experience in computer programming. Various tutorials are available online on programming websites.

This question can not be answered. In order for this question to be answered you will have to tell me which site you are talking about.

Two methods to prevent cross site scripting that come to mind.

One is to encode and decode the input field values of your HTML form.

This will change the special characters of the code a hacker tries to place into your form fields to do cross site scripting.

The other is to be sure and validate the input types of your form fields so that only valid data types are accepted.

Hope this helps.

Securing PHP web applications against common vulnerabilities is crucial for protecting sensitive data and maintaining user trust. Here are some best practices for securing PHP web applications against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF)

In short: Yes, a cross-site scripting attack (XSS) can be used to access cookies. This is a big part of the reason why you shouldn't rely solely on cookies to identify a user.

In 2006, LiveJournal was a victim of just this style of attack. You can read about it in detail in the related links. Since then, browsers have implemented security measures making this kind of attack far more difficult to implement (but not impossible.)