reflected XSS
Reflected XSS (Cross-Site Scripting) is a type of web security vulnerability that allows attackers to inject malicious scripts into web pages. This occurs when user input, such as a URL parameter, is immediately reflected back to the browser without proper validation or sanitization. When a victim clicks on a specially crafted link, the malicious script executes in their browser, potentially stealing sensitive information.
In reflected XSS, the payload is not stored on the server; instead, it arrives in the victim's own request and is echoed straight back in the response to that request. This means that the attacker must trick the victim into clicking the link, often through phishing emails or misleading messages. Proper input validation and output encoding are essential to prevent this type of vulnerability.
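The reflection and its fix, as an added example that is not part of the original page: a page handler that echoes a URL parameter unchanged, next to a version that validates the input and encodes it on output. The `q` parameter, the `shop.example` URL and all function names are assumptions made for illustration.

```javascript
// Added example: a search page that echoes the "q" URL parameter.
// Route, parameter name and sample URL are constructed for illustration.

// Vulnerable: the parameter is concatenated into the HTML unchanged.
function renderVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Output encoding for HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: bound the length and reject control characters.
// Validation narrows what is accepted; encoding is what neutralizes markup.
function validateQuery(q) {
  if (q.length > 100 || /[\u0000-\u001f\u007f]/.test(q)) {
    throw new RangeError("invalid search query");
  }
  return q;
}

// Hardened: validate first, then encode at the point of output.
function renderHardened(requestUrl) {
  const q = validateQuery(new URL(requestUrl).searchParams.get("q") ?? "");
  const safe = escapeHtml(q);
  return `<h1>Results for ${safe}</h1><input name="q" value="${safe}">`;
}

// Constructed sample: the kind of link a victim would be sent.
const craftedUrl =
  "https://shop.example/search?q=" + encodeURIComponent('"><script>alert(1)</script>');

console.log(renderVulnerable(craftedUrl)); // markup reaches the page as markup
console.log(renderHardened(craftedUrl));   // same input rendered as inert text
```

The escaping shown covers HTML text and quoted attribute values only; values placed inside a script block, a URL or a style need the encoding for that context.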