Cross-site scripting (XSS) allows attackers to inject malicious scripts into a webpage, targeting users who load that page. It's usually caused by insufficient input validation and improper encoding of user input that is displayed on web pages. Using XSS, attackers can achieve the following: