Cross Site Scripting (XSS) is a situation where by attacker injects HTML code, which is then displayed on the page without further validation.