XSS (Cross-Site Scripting) is a web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts execute in the victim’s browser and can steal data, hijack sessions, or alter page content. Preventing XSS requires input validation and output encoding. Example: Injecting JavaScript into a comment field that runs when another user views the page.
