Cross-site scripting (XSS) is a cyberattack in which a hacker enters malicious code into a web form or web application URL. This malicious code, written in a scripting language like JavaScript or PHP, can do anything from vandalizing the website you’re trying to load to stealing your passwords. XSS attacks are broken down into several categories: reflected attacks, DOM-based attacks, and stored attacks. Google has implemented mitigation measures of the sort that we’ll discuss in a moment.”]
Source: https://www.csoonline.com/article/3269028/what-is-xss-cross-site-scripting-attacks-explained.html