Definitions for "Cross-site scripting"
A security vulnerability in a web application that results from improper filtering of input used to generate some sort of web page (in a form, for example). If the input contains a script which is not stripped out by the web application, it could be processed as part of the output and execute within the domain of the hosting web site. A hostile third-party could 'inject' a malicious script which would run in the user's browser under the security context of the trusted web site. This is frequently exploited to gain access to a user's cookies.
(Acronym – XSS) An attack technique that forces a web site to echo client-supplied data, which execute in a user's web browser. When a user is Cross-Site Scripted, the attacker will have access to all web browser content (cookies, history, application version, etc). See also " Client-Side Scripting".
The execution of script from one site in the context of a Web page from another site. This was not considered to be a problem in the basic design of the Web, but XSS has often come to be used for security attacks.