Cross-site scripting is a type of injection attack wherein a vulnerability in web applications is exploited that allows a threat actor to inject malicious script into the site’s content. Affected trusted sites are made to deliver the malicious script to visitors.