To　deal　with　the　problems,　such　as　low　coverage　of　found　vulnerability　injection　points　in　complex　web　page,　lacking　of　dynamical　analysis　for　response　message　from　target　website　faced　by　the　detection　system　of　XSS　vulnerability,　a　method　to　detect　XSS　vulnerability　based　on　user＇s　behavior　simulation　is　proposed　to　make　improvement　for　the　detection　system　of　XSS　vulnerability　on　extracting　injection　points,　generating　attack　test　vector　and　analyzing　response　results.　By　searching　for　a　variety　of　the　unformatted　injection　points　through　analyzing　web　page　structure　as　well　as　taking　into　consideration　the　length　of　the　string　and　the　type　of　the　character,　the　attack　test　vector　is　optimized　and　it　can　bypass　the　server　filter　function　and　shorten　the　vulnerability　detection　time.　Test　results　show　that　the　proposed　method　can　improve　the　detection　coverage　rate　of　the　injection　point　and　the　detection　effect　of　XSS　vulnerability.　©　2017,　Editorial　Office　of　Journal　of　Dalian　University　of　Technology.　All　right　reserved.