Most modern digital services utilize web applications to serve their clients continuously; whereby large amounts of sensitive information are processed in real time. Many cybersecurity threats compromise confidentiality, integrity, and availability, causing financial losses and legal consequences. For instance, Cross-Site Scripting (XSS) is the root cause of 80% of online data breaches. The XSS exploit weaknesses in web applications by injecting malicious scripts into user requests. However, Traditional Web Application Firewalls (WAFs) often rely on static rule-based approaches that may not effectively detect XSS attack patterns in modern web environments. This study proposes an enhanced WAF that integrates a deep learning Long Short-Term Memory (LSTM) model as an intelligent XSS detection layer named XSSLayer positioned alongside the traditional WAF for improving its real-time detection capabilities. The XSSLayer analyzes all incoming requests and identifies abnormal or malicious script patterns before forwarding the analysis results to the WAF, enabling the firewall to forward only valid traffic to reach the web application server. Thus, the LSTM-based detection layer and the WAF collaboratively operate to detect and block XSS attacks efficiently. The integrated system was tested and evaluated using several performance metrics, including accuracy and loss. The obtained results showed that the enhanced Web Application Firewall (WAF), with an integrated Long Short-Term Memory (LSTM), can classify malicious scripts within web requests, whereas the training accuracy reached approximately 98.0% and the validation accuracy was about 99.4%. In addition, the results showed a validation loss of about 0.02, that indicate a high predictive reliability and minimal prediction error. The confusion matrix analysis showed only 25 false positives out of 2,600 benign requests and 11 false negatives out of 2,137 attack instances, which indicates the model's robust discriminative capacity. Furthermore, the obtained results of precision, recall, and the F1‑score indicate that the model shows an exceptional capability, with nearly perfect performance in detecting XSS attacks using the LSTM architecture in real-time. However, integrating the XSS model with the ModSecurity firewall introduced additional computational overhead and slightly increased reply time, memory, and CPU usage. However, the findings provide strong evidence that integrating LSTM deep learning models with traditional WAF systems substantially enhances the capability of detecting XSS attacks in real-time compared to conventional WAF. .................. Keywords: ...............Web Application Firewall, Deep Learning, Attack Detection, Firewall, and XSS.