Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. This can happen when a website does not properly validate or sanitize user input, enabling the attacker to execute harmful code in the context of another user's browser.
When a user visits a compromised page, the injected script can steal sensitive information, such as cookies or session tokens, or perform actions on behalf of the user. To protect against XSS, developers should implement security measures like input validation and output encoding, ensuring that user-generated content is handled safely.
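The two defences named above, shown side by side as an added example that is not part of the original page: the same comment rendered by plain string concatenation and by a version that validates the author field and encodes on output. All function names and the sample input are constructed for illustration.

```javascript
// Added example: input validation plus output encoding for untrusted text.
// escapeHtml, isValidDisplayName and the render* functions are hypothetical names.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Output encoding for HTML element content and quoted attribute values.
// One pass over the string, so "&" is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list for a display name
// (letters, digits, "_", ".", "-", length 1 to 32).
function isValidDisplayName(name) {
  return typeof name === "string" && /^[A-Za-z0-9_.-]{1,32}$/.test(name);
}

// Vulnerable: user input is concatenated into markup unchanged,
// so any tags it contains become part of the page.
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// Hardened: reject an author value outside the allow-list, and encode
// every user-controlled value at the point where it is written out.
function renderCommentSafe(author, text) {
  if (!isValidDisplayName(author)) {
    throw new Error("invalid display name");
  }
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</div>`;
}

// Constructed sample input: a comment body that contains markup.
const sampleText = "<script>alert(1)</script>";

console.log("unsafe:", renderCommentUnsafe("alice", sampleText));
console.log("safe:  ", renderCommentSafe("alice", sampleText));
```

This encoder covers HTML element content and quoted attribute values only; values placed inside script blocks, URLs or CSS need the encoding that matches that context.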