Cross Site Scripting (XSS) is a well-known and widespread vulnerability that can be present on a large number of web applications. XSS works when an attacker injects content into a website to modify how it’s displayed, so that when the victim accesses that page their browser will render the code that’s been injected by the attacker. An attacker will seek to do this in order to display harmful content or perform a certain action that will pose a threat to the user.
XSS vulnerabilities in web applications generally require some kind of interaction from a user as a trigger for it to be executed. This could be from the admin panel of WordPress, for example, where the use of a plugin with a notable XSS vulnerability can force your browser to create new users, edit posts and perform other similar actions on behalf of a website. Once this level of control is gained the attacker is able to make wholesale changes to your website with admin access, which could be highly damaging to your business.