On my web server
Yesterday I have caught a POST request with following text for a host
"><script>alert('qualys_xss_joomla_2.5.3')</script>
in full it was like this
headers
{
...
"host": "%22%3e%3cscript%3ealert('qualys_xss_joomla_2.5.3')%3c%2fscript%3e",
"x-forwarded-port": "443",
"x-forwarded-proto": "https",
...
}
httpMethod
POST
Is it a hacking attack? What was it aimed for?
Someone's (using https://www.qualys.com/) scanning your site for XSS vulnerabilities (and looking for a particular known vulnerability in Joomla, it looks like). See https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) for details on how XSS works and how you can protect yourself.