Cross-site scripting (XSS) is a web application vulnerability that allows an attacker (hacker) to inject malicious code into the web application, adding code that is not part of the original application.
How does it work?
When a user opens the application, the page loads with the malicious code in it, and that code can steal information from the user.
Web-Application – A thread:
Imagine a web application that you use on a regular basis. There are two ends of an application:
User end: the side of the application where the user logs in.
Server end: the side of the application where all the code is generated.
How does a hacker exploit XSS?
A hacker takes advantage of this vulnerability and injects their own code into the web application.
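
The injection described above, shown as an added example (not code from the original page): a server-end function that builds a comment from user input without encoding, beside a hardened version that HTML-encodes the input first. All function names and the sample input are constructed for illustration.

```javascript
// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server end, vulnerable form: user text is concatenated into the page as-is,
// so any markup in it becomes part of the application's own HTML.
function renderCommentUnsafe(author, body) {
  return '<div class="comment"><b>' + author + '</b>: ' + body + '</div>';
}

// Server end, hardened form: user text is encoded before it reaches the page,
// so the browser displays it as text instead of parsing it as markup.
function renderCommentSafe(author, body) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' +
         escapeHtml(body) + '</div>';
}

// Count opening tags in the rendered HTML. The template itself has two
// (<div> and <b>); any more means user data added elements to the page.
function countOpeningTags(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g);
  return tags ? tags.length : 0;
}

// Constructed sample input: a harmless marker script used only to show
// whether the markup survives rendering.
const sampleBody = '<script>alert(1)</script>';

console.log('unsafe:', renderCommentUnsafe('guest', sampleBody));
console.log('tags  :', countOpeningTags(renderCommentUnsafe('guest', sampleBody)));
console.log('safe  :', renderCommentSafe('guest', sampleBody));
console.log('tags  :', countOpeningTags(renderCommentSafe('guest', sampleBody)));
```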