Security

XSS (Cross-Site Scripting)

A security vulnerability in which attackers inject malicious scripts into web pages viewed by other users. Stored XSS persists in the database, reflected XSS is echoed back by the server in its response, and DOM-based XSS manipulates client-side JavaScript. Attackers can use XSS to steal session cookies, redirect users, or deface websites. Defenses include output encoding, Content Security Policy (CSP) headers, and HttpOnly cookies.
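
The three defenses named above, shown together as an added example that is not part of the original entry: an unencoded render beside its encoded form, plus response headers carrying a CSP and an HttpOnly session cookie. The function names, the policy string, the extra cookie attributes and the sample input are assumptions chosen for illustration.

```javascript
// Hypothetical helper names; nothing here comes from a specific framework.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: untrusted input is concatenated into markup as-is.
function renderUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Hardened form: input is encoded at the point of output.
function renderSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Response headers that limit the damage if an encoding step is missed.
function buildHeaders(sessionId) {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    // Scripts only from the page's own origin, so injected inline script is blocked.
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    // HttpOnly keeps the session cookie out of reach of document.cookie.
    'Set-Cookie': `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Constructed sample input, as a stored comment or reflected parameter might carry it.
const sample = '<script>alert(1)</script>';
console.log(renderUnsafe(sample)); // markup still contains a live <script> element
console.log(renderSafe(sample));   // the same input rendered as inert text
console.log(buildHeaders('abc123'));
```

Encoding must match the output context: this helper covers HTML element content and quoted attributes, not JavaScript, CSS or URL contexts.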
