Q: What is an XSS (Cross-Site Scripting) attack?
A: Cross-site scripting is an attack where malicious client-side scripts (commonly JavaScript, but other languages can be used) are embedded into a trusted website. It is a client-side attack, with the victim being the end-user. The website administrator is also a user, and the attacker often uses the administrator's identity as a pivot to gain further access.