Aiming　at　the　difficulties　to　prevent　Web　applications　to　be　maliciously　injected　which　are　increased　by　all　kinds　of　dynamic　Web　technologies　applied,　concentrate　on　XSS　attack,　this　paper　reviews　the　research　progresses　of　Web　application　injection　vulnerabilities　detection　in　recent　years.　It　summarizes　the　classification　and　causes　of　the　XSS　injection　security　vulnerabilities,　analyzes　the　complexity　of　security　vulnerabilities　detection;　then　proposes　the　key　technologies　of　the　existing　detection　approached,　including　analyzing　and　identifying　the　injection　points,　injection　detection　by　software　analysis　and　testing,　symbolic　execution,　taint　analysis;　finally　presents　its　future　development　direction.