A type of attack when cybercriminals inject a malicious code into a webpage. As a user opens the page, the code starts running on their computer and connects to the web-server of the fraudster who gains control over the system this way.
There are two major types of XSS vulnerabilities: persistent and reflected (non-persistent). In case of the persistent vulnerability, the code is saved by the server, so all the website visitors become victims. In case of the reflected vulnerability, the code is injected into a definite page, to which a user is attracted i.e. via phishing.