XSS is the act of running arbitrary scripts in a victim’s (client) browser in order to deface websites, compromise sessions, or redirect users to malicious websites. The vulnerability lies in using untrusted data to render HTML pages without validating, sanitizing, and escaping the values.
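The following added example (not code from the original page) shows the same HTML fragment rendered from untrusted values, first by plain concatenation and then with validation and escaping. The function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: rendering a profile snippet from untrusted values.
// All function names and sample inputs are constructed for illustration.

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validate: accept only absolute http(s) URLs; anything else becomes "#".
// Escaping alone does not help here, because a script-scheme URL contains
// no characters that HTML escaping would change.
function safeHref(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "#";
  } catch {
    return "#"; // not an absolute URL
  }
}

// Vulnerable: untrusted values are concatenated straight into markup.
function renderProfileUnsafe(name, homepage) {
  return `<p>Hello, ${name}! <a href="${homepage}">homepage</a></p>`;
}

// Hardened: validate the URL, then escape every value for its HTML context.
function renderProfileSafe(name, homepage) {
  const href = escapeHtml(safeHref(homepage));
  return `<p>Hello, ${escapeHtml(name)}! <a href="${href}">homepage</a></p>`;
}

// Constructed sample input standing in for attacker-controlled form fields.
const sampleName = "<script>alert(1)</script>";
const sampleHomepage = "javascript:alert(1)";

console.log("unsafe:", renderProfileUnsafe(sampleName, sampleHomepage));
console.log("safe:  ", renderProfileSafe(sampleName, sampleHomepage));
```

The unsafe output contains a live script element and a script-scheme link, while the hardened output carries the name as inert text and replaces the rejected URL with `#`.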