Welcome to WebmasterWorld Guest from 18.104.22.168
How to prevent it
The best way to prevent leaving your site open to XSS attacks is to keep up to date with the latest patches on the software you use. If it's bespoke then use very aggressive filtering options on all data from the user(wherever possible use whitelist filtering rather than blacklist filtering because it affords far tighter control).
If you want to test it yourself then work out where users provide input that will be written to the screen at some point - don't forget about data you write to screen that's stored in hidden form variables, the querystring and cookies as they can all be compromised with very little effort.
Once you've got that list of inputs, work through the relevant scripts and check what filters and verfication processes that data is subjected to before it's being used / written to screen.