Cross-Site-Scripting (XSS) is a client attack that manipulates an Web client (for example, a web browser) to run a malicious customized script leveraging access to resources available by the attacked web application, like the ability to perform an API call as an authenticated user, or change any client resource in the web page document to manipulate the user to perform unwanted actions by a seemingly trusted source.

Related Terms

Application Security Posture Management

AppSec, but so much

Reclaim AppSec