Cross-site scripting (XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. XSS works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim’s browser, the attacker can fully compromise their interaction with the application. From version 92 onward (July 20th, 2021), cross-origin iframes are prevented from calling alert() from the more advanced XSS attacks, so that they can also be solved using print().”]
Source: https://portswigger.net/web-security/cross-site-scripting