We present analytical models and simulation results that characterize the impacts of the following factors on the propagation of cross-site scripting (XSS) worms in online social networks (OSNs): 1) user behaviors, namely, the probability of visiting a friend's profile versus a stranger's; 2) the highly clustered structure of communities; and 3) community sizes. Our analyses and simulation results show that the clustered structure of a community and users' tendency to visit their friends more often than strangers help slow down the propagation of XSS worms in OSNs. We then present a study of selective monitoring schemes that are more resource efficient than the exhaustive checking approach used by the Facebook detection system which monitors every possible read and write operation of every user in the network. The studied selective monitoring schemes take advantage of the characteristics of OSNs such as the highly clustered structure and short average distance to select only a subset of strategically placed users to monitor, thus minimizing resource usage while maximizing the monitoring coverage. We present simulation results to show the effectiveness of the studied selective monitoring schemes for XSS worm detection.