XSS
XSS, or Cross-Site Scripting, is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This can happen when a website does not properly validate or sanitize user input, enabling the attacker to execute harmful code in the context of a user's browser.
When a user visits a compromised page, the injected script can steal sensitive information, such as cookies or session tokens, or perform actions on behalf of the user without their consent. Protecting against XSS involves implementing proper input validation and using security measures like Content Security Policy (CSP).
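The two defenses named above, as an added example that is not part of the original page: a page fragment built from user input without and with validation and output encoding, plus a nonce-based CSP header as a second layer. The function names, the 64-character limit, the sample input and the nonce value are assumptions made for illustration.

```javascript
// Characters that let text break out of an HTML text node or quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: turn markup-significant characters into entities.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup unchanged.
function renderGreetingUnsafe(name) {
  return `<p class="greeting">Hello, ${name}!</p>`;
}

// Hardened: validate what the field may contain, then encode on output.
// The 1-64 character rule is an assumed policy for a display-name field.
function renderGreetingSafe(name) {
  const text = String(name).trim();
  if (text.length === 0 || text.length > 64) {
    throw new RangeError("name must be 1-64 characters");
  }
  return `<p class="greeting">Hello, ${escapeHtml(text)}!</p>`;
}

// CSP as a second layer: only scripts carrying the per-response nonce run,
// so an injected inline script is refused even if encoding is missed somewhere.
function cspHeader(nonce) {
  if (!/^[A-Za-z0-9+/_-]{16,}={0,2}$/.test(nonce)) {
    throw new TypeError("nonce must be a base64 value generated per response");
  }
  return [
    "default-src 'self'",
    `script-src 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Constructed sample input standing in for a submitted display name.
const SAMPLE_INPUT = "<script>alert(1)</script>";
console.log(renderGreetingUnsafe(SAMPLE_INPUT)); // markup reaches the page as markup
console.log(renderGreetingSafe(SAMPLE_INPUT));   // markup reaches the page as text
// Constructed placeholder nonce; a real one is random and unique per response.
console.log(cspHeader("c2FtcGxlLW5vbmNlLTAwMDE"));
```

The encoder covers HTML text and quoted attribute values only; input placed in URLs, inline scripts or style blocks needs an encoder for that context.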