OWASP A07:2017 Cross Site Scripting (XSS)


Introduction to A07: Cross Site Scripting (XSS)

Cross-Site Scripting (XSS), listed as A07 in the OWASP Top 10 for 2017, occurs when an application includes untrusted data in web pages without proper validation or escaping. This allows attackers to inject malicious scripts into content viewed by other users, leading to session hijacking, defacement, or redirection to malicious sites. XSS typically happens when input is reflected in the browser or stored and later displayed. Preventing XSS requires proper output encoding, input validation, using secure libraries, and applying Content Security Policy (CSP) to reduce the impact of potential attacks.
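The following is an added example, not code from the original page: a comment renderer that concatenates untrusted fields into markup, next to a version that encodes each field for the context it lands in, plus a CSP header value as a second layer. The function names, the comment object and the policy string are assumptions made for illustration.

```javascript
// Constructed illustration; all names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation for the URL context: HTML encoding alone does not
// neutralise a script-scheme URL, so only absolute http(s) URLs are allowed.
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch {
    return '#'; // unparsable or relative input falls back to an inert link
  }
}

// Vulnerable: untrusted data is placed in the page unchanged.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.site}">${c.author}</a><p>${c.text}</p></div>`;
}

// Hardened: every untrusted field is validated or encoded before output.
function renderCommentSafe(c) {
  return `<div class="comment"><a href="${escapeHtml(safeHref(c.site))}">` +
         `${escapeHtml(c.author)}</a><p>${escapeHtml(c.text)}</p></div>`;
}

// CSP limits the impact if an encoding step is missed somewhere:
// inline scripts and scripts from other origins are not executed.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed sample input representing a stored comment.
const sample = {
  author: 'Mallory "M"',
  site: 'javascript:alert(1)',
  text: '<script>alert(document.cookie)</script>',
};

console.log(renderCommentUnsafe(sample)); // markup contains a live <script> element
console.log(renderCommentSafe(sample));   // same data rendered as inert text
console.log('Content-Security-Policy: ' + CSP_HEADER);
```

The encoder covers HTML body and quoted-attribute contexts only; data written into inline JavaScript, CSS or unquoted attributes needs the encoding for that context.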
