What type of attack does Cross Site Scripting (XSS) represent?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

What type of attack does Cross Site Scripting (XSS) represent?

Explanation:
Cross Site Scripting is a security vulnerability in a web application that allows attackers to inject and execute malicious scripts in pages viewed by other users. This happens when user-supplied input isn’t properly sanitized or escaped, so the injected code runs in the victim’s browser—potentially stealing cookies, session tokens, or taking actions on behalf of the user. It’s not about brute-forcing passwords, nor is it a network flood attack, and while XSS can lead to bypassing some protections, the fundamental issue is the ability to execute unauthorized scripts within a trusted page. There are several forms (stored, reflected, and DOM-based), and you mitigate it with proper input validation, output encoding, Content Security Policy, and securing cookies (HttpOnly, Secure).
