Cross-site scripting (XSS) is a web application vulnerability. XSS exploits the power of web scripting languages like JavaScript to redirect users to malicious web sites, steal session cookies, or insert malware on the target host.
XSS is one of the OWASP Top Ten web application vulnerabilities.