Definition
A cross-site scripting vulnerability is a programming flaw involving content that comes from an external source, such as a blog, a user review of a product on an e-commerce site, an auction, a message in a discussion board, a search term, or a web-based email. Such externally supplied content can be a malicious script or other content that the software on the site’s server does not properly filter out, and that then runs in the web browser of a visitor to the site.
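The flaw described above, shown for the product-review case as an added example that is not part of the original page: the first renderer places the externally supplied review into the page unchanged, the second encodes it at output time so the browser displays it as text. The function names and the sample review are hypothetical and constructed for illustration.

```javascript
// Added example; escapeHtml, renderReviewUnsafe, renderReviewSafe and
// containsScriptTag are hypothetical names, not from any real site or library.

// Characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text so the browser treats it as data, not markup.
// A single pass over the input avoids double-encoding the '&' it emits.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed: the externally supplied values are concatenated into the page as-is.
function renderReviewUnsafe(author, review) {
  return `<div class="review"><b>${author}</b>: ${review}</div>`;
}

// Corrected: every externally supplied value is encoded when it is written out.
function renderReviewSafe(author, review) {
  return `<div class="review"><b>${escapeHtml(author)}</b>: ${escapeHtml(review)}</div>`;
}

// Constructed sample input: a "review" that carries markup instead of plain text.
const sampleReview = 'Great product <script>alert("review")</script>';

// Simple check a test suite could run on rendered output:
// true when the HTML still contains a live script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderReviewUnsafe('visitor', sampleReview));
console.log('safe:  ', renderReviewSafe('visitor', sampleReview));
```

The encoding shown here covers HTML text and quoted attribute values only; values written into script blocks, URLs or style contexts need encoding appropriate to that context.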