Cross-Site Scripting (XSS) is a security vulnerability in web applications that allows attackers to inject malicious scripts (usually JavaScript) into web pages viewed by other users.