XSS is not malware, it is considered a vulnerability, typically found in web applications.
You can find the full writeup on Wikipedia here:
http://en.wikipedia.org/wiki/Cross-site_scripting
Here is another good cheatsheet:
http://www.veracode.com/security/xss
Here are some examples:
http://www.thegeekstuff.com/2012/02/xss-attack-examples/
Symantec has multiple IPS signatures to protect against XSS attacks. Search for XSS signatures here:
http://www.symantec.com/security_response/attacksignatures/