Put merely, XSS is a client-side code injection attack that involves the execution of malicious scripts in a victim’s web browser by including malicious code in a legitimate webpage or web application. An XSS attack occurs when an unsuspecting user visits an infected site that executes the malicious code. In addition to web pages and web applications, hackers deploy forums and message boards to deliver XSS scripts. Cyber actors use tactics that allow them to circumvent the same-origin policy implemented to segregate different websites from each other. If a target has privileged access to a web application, an attacker can gain full control over the application’s data and functionality.