
Authors:

Mokbal, Fawaz Mahiuob Mohammed | Wang Dan | Wang Xiaoxi | Zhao Wenbin | Fu Lihua

Indexed in:

EI Scopus SCIE

Abstract:

With the widespread popularity of the Internet and the transformation of the world into a global village, Web applications have drawn increased attention over the years from companies, organizations, and social media, making them a prime target for cyber-attacks. The cross-site scripting attack (XSS) is one of the most severe concerns, which has been highlighted in the forefront of information security experts' reports. In this study, we proposed XGBXSS, a novel web-based XSS attack detection framework based on an ensemble-learning technique using the Extreme Gradient Boosting algorithm (XGBoost) with extreme parameters optimization approach. An enhanced feature extraction method is presented to extract the most useful features from the developed dataset. Furthermore, a novel hybrid approach for features selection is proposed, comprising information gain (IG) fusing with sequential backward selection (SBS) to select an optimal subset reducing the computational costs and maintaining the high performance of the detector simultaneously. The proposed framework has successfully exceeded several tests on the holdout testing dataset and achieved avant-garde results with accuracy, precision, detection probabilities, F-score, false-positive rate, false-negative rate, and AUC-ROC scores of 99.59%, 99.53%, 99.01%, 99.27%, 0.18%, 0.98%, and 99.41%, respectively. Moreover, it can bridge the existing research gap concerning previous detectors, with a higher detection rate and lesser computational complexity. It also has the potential to be deployed as a self-reliant system, which is efficient enough to defeat such attacks, including zero-day XSS-based attacks.

Keywords:

Machine learning; Hybrid Features Selection; Extreme Gradient Boosting; Attack Detection; Cross-Site Scripting attack; Web Application Security

Author affiliations:

  • [ 1 ] [Mokbal, Fawaz Mahiuob Mohammed]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China
  • [ 2 ] [Wang Dan]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China
  • [ 3 ] [Zhao Wenbin]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China
  • [ 4 ] [Fu Lihua]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China
  • [ 5 ] [Mokbal, Fawaz Mahiuob Mohammed]ILMA Univ, Fac Comp Sci, Karachi, Pakistan
  • [ 6 ] [Wang Xiaoxi]State Grid Management Inst, Beijing 102200, Peoples R China

Corresponding author:

  • [Mokbal, Fawaz Mahiuob Mohammed]Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China; [Mokbal, Fawaz Mahiuob Mohammed]ILMA Univ, Fac Comp Sci, Karachi, Pakistan

Source:

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS

ISSN: 2214-2126

Year: 2021

Volume: 58

5.600 (JCR@2022)

ESI subject: COMPUTER SCIENCE

ESI highly cited threshold: 87

JCR quartile: 2

Citations:

WoS Core Collection citations: 1

ESI highly cited papers on list: 0

Views in the last 30 days: 2
