Define "cross-site scripting" (XSS).

Cross-site scripting (XSS) is defined as a vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This occurs when an application includes untrusted data in a web page without proper validation or escaping, enabling an attacker to run scripts in the context of the user's browser. Such scripts can be used to steal sensitive information, manipulate the user interface, or perform actions on behalf of the user without their consent.

The nature of XSS attacks highlights the importance of secure coding practices and input validation. By exploiting XSS, an attacker can interact with the user’s session or data, potentially leading to significant security breaches. This definition captures the core mechanics of XSS, focusing on the injection of malicious content and the effect it has on users interacting with compromised web applications.