Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject malicious code into a legitimate website, causing it to run malicious code on victims' computers.
A successful XSS attack can lead to a wide range of impacts, including stealing session cookies or other sensitive data, manipulating the content that is displayed to other users and performing actions on behalf of other users. An XSS attack is commonly delivered through a malicious link or attachment sent via email but can also be embedded in social media messages or search engine results.
A successful cross-site scripting attack is possible because Web browsers allow users to input data without filtering out potentially harmful content. For example, if an attacker can trick a user into following a link containing malicious JavaScript (JS) code, then the browser will execute the JS code contained in the URL.