Cross-site scripting (XSS) is a type of computer security vulnerability, and one of the most common found in web applications.
An attacker can inject malicious scripts, generally in the form of HTML or JavaScript code, into otherwise benign and trusted websites. These scripts are then executed within the browser of visitors to the compromised website. The malicious scripts can perform a variety of actions, such as stealing cookies, harvesting login credentials, and taking over the victim’s browser.
The name comes from the way these attacks cross sites: the attacker's code is injected on one web page and then executed within another user's browser, running on another unsuspecting site that trusts the first one.
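The injection described above comes down to visitor-supplied text being placed into a page's markup unencoded. The following is an added example, not code from the original page: a comment renderer in its vulnerable form beside a hardened form that HTML-encodes every field. The function names, the `countTags` helper and the sample comment are constructed for illustration.

```javascript
// Added example. All names and the sample input are constructed, not from the page.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of an HTML text node
// or out of a quoted attribute value. Single pass, so '&' is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: visitor-supplied fields are concatenated into markup as-is,
// so any tags or attributes they contain become part of the page.
function renderCommentUnsafe(comment) {
  return `<div class="comment" title="${comment.author}">${comment.body}</div>`;
}

// Hardened: every untrusted field is encoded for the context it lands in
// (a quoted attribute value and an element body).
function renderCommentSafe(comment) {
  return `<div class="comment" title="${escapeHtml(comment.author)}">` +
         `${escapeHtml(comment.body)}</div>`;
}

// Count the tags in rendered output. The template contributes exactly two
// (<div ...> and </div>); anything above that came from the input.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: one field targets the attribute context, one the body.
const sample = {
  author: 'x" onmouseover="alert(1)',
  body: '<script>alert(1)</script>',
};

console.log('unsafe:', renderCommentUnsafe(sample), 'tags =', countTags(renderCommentUnsafe(sample)));
console.log('safe:  ', renderCommentSafe(sample), 'tags =', countTags(renderCommentSafe(sample)));
```

Encoding at output time covers the HTML body and quoted-attribute contexts shown here; values placed inside script blocks, URLs or CSS need the encoding for that context instead.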