Dynamic web pages are widely used by web applications to provide better user experience and to attract more web users. The web applications use the client side and server side scripts to provide dynamic behavior to the web pages. Cross-Site Scripting (XSS) attack uses malicious scripts and links injected into the trusted web pages to steal sensitive data from the victims. In this paper, we present the experimental results obtained using three machine learning algorithms (Naïve Bayes, Support Vector Machine and J48 Decision Tree) for the prediction of Cross-site scripting attack. This is done using the features based on normal and malicious URLs and JavaScript. J48 gave better results than Naïve Bayes and Support Vector Machine based on the features extracted from URL and Java Script code. All the algorithms gave comparatively better results with discretized attributes but noticeable difference in performance was seen only in the case of SVM.