Explanation:
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

The injected script runs in the context of the user’s browser and can steal cookies, session tokens, or sensitive information or redirect users to malicious sites.

XSS attacks are classified into three types: stored, reflected, and DOM-based XSS. These attacks exploit weak input validation mechanisms in web applications.

Additional Information:
Stored XSS involves injecting scripts into a server-side database, which affects multiple users. Reflected XSS is temporary and delivered via URLs or forms. DOM-based XSS manipulates the page content dynamically on the client side.

Preventive measures include proper input sanitization, content security policies (CSPs), and secure coding practices to escape special characters in user input.

Formal Definition:
Cross-Site Scripting (XSS) is a security vulnerability in web applications where attackers inject and execute malicious scripts in users’ browsers, compromising data security.