Cross-Site Scripting
Cross-Site Scripting lets an attacker inject malicious script into a web page that other users then load in their browsers. The injected code runs with the trust of the vulnerable site, allowing session theft, defacement, or redirection to malicious pages. It remains one of the most common web vulnerabilities, prevented by properly encoding and validating user-supplied input.