Different kinds of Cross-site Scripting (XSS):

Stored XSS    -  https://www.youtube.com/watch?v=7M-R6U2i5iI 
Reflected XSS -  https://www.youtube.com/watch?v=V79Dp7i4LRM 
DOM XSS       -  https://www.youtube.com/watch?v=tJ7L6ErD4ZY
                                                                                                     
SQL Injection - https://www.youtube.com/watch?v=z7eXjBvB2B4     

(For more information, see OWASP project for web vulnerabilities -
  https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project )

Fixing XSS: A practical guide for developers -
http://www.coverity.com/srl/a-guide-to-fixing-xss-for-devs.html
This library attempts to fix the issue of contextless data migration between
webserver and browsers

XSS Filter evasion cheat sheet -
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Sort of helps show why encoding & regex matching fails so hard

Bypassing XSS Filters:
https://sitewatch.me/files/Bypassing%20Internet%20Explorer's%20XSS%20Filter.pdf
https://code.google.com/p/chromium/issues/detail?id=114641
http://blog.opensecurityresearch.com/2012/09/simple-cross-site-scripting-vector-that.html
http://www.thespanner.co.uk/2013/02/19/bypassing-xss-auditor/ 

In reality, there are so many: http://lmgtfy.com/?q=bypass%20xss%20auditor  

Internet Explorer XSS filter creates vulnerability:
http://p42.us/ie8xss/Abusing_IE8s_XSS_Filters.pdf 

How we hacked Facebook with OAuth2 and Chrome bugs
http://homakov.blogspot.com/2013/02/hacking-facebook-with-oauth2-and-chrome.html 
(Vulnerability due to XSS auditor in chrome)