Cross-Site Scripting (XSS)

Cross-Site Scripting is a security vulnerability where attackers inject malicious scripts into web pages viewed by other users. These scripts can steal session tokens, cookies, and other sensitive data, or perform actions on behalf of the user. XSS comes in several forms: reflected (via URL parameters), stored (in databases), and DOM-based (in client-side JavaScript). Prevention requires proper input validation, output encoding, and Content Security Policy implementation.