Cross-site scripting (XSS) is a web application vulnerability where attackers inject malicious scripts into web pages viewed by other users. It allows the attacker to execute scripts within the victim's browser, potentially leading to session hijacking or data theft.
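
The injection described above, shown as an added example (not part of the original page): a comment renderer that concatenates stored user input into markup, next to a version that HTML-encodes it. The function names and the sample comments are constructed for illustration.

```javascript
// Added example. All names and sample data here are hypothetical.

// The five characters that can change HTML structure in body and
// quoted-attribute contexts, and their entity encodings.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: stored fields are placed into the page as-is, so any markup
// they contain becomes part of the document every other visitor loads.
function renderCommentUnsafe(comment) {
  return `<li title="${comment.author}">${comment.body}</li>`;
}

// Hardened: every untrusted field is encoded before it reaches the page,
// so the browser treats it as text rather than as tags or attributes.
function renderCommentSafe(comment) {
  return `<li title="${escapeHtml(comment.author)}">${escapeHtml(comment.body)}</li>`;
}

function renderPage(comments, renderComment) {
  return `<ul>${comments.map(renderComment).join("")}</ul>`;
}

// Number of "<" characters, used to check that user input added no tags.
function countTagOpeners(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample: one ordinary comment, one carrying markup in both
// the attribute-bound field and the body-bound field.
const storedComments = [
  { author: "alice", body: "Nice post & thanks!" },
  { author: 'mallory" onmouseover="alert(1)', body: "<script>alert(1)</script>" },
];

const unsafePage = renderPage(storedComments, renderCommentUnsafe);
const safePage = renderPage(storedComments, renderCommentSafe);

console.log("unsafe:", unsafePage);
console.log("safe:  ", safePage);
```

The template's own markup contributes six `<` characters; the unsafe page has more than that because the stored comment added elements of its own, while the encoded page has exactly six.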