A type of website and application security vulnerability. XSS attacks allow attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability can be used by attackers to bypass access controls.
Cross-site scripting accounted for approximately 84% of all website vulnerabilities documented by Symantec through 2007. The effects of XSS range from a minor nuisance to a significant security threat, depending on the level of protection of the data handled by the vulnerable site.