This is one of the vulnerability which features in OWASP top 10 vulnerabilities. This vulnerability allows an attacker to make a cross site connection with a malicious site. let’s understand this attack with a scenario. Suppose you just login into your bank account and establish a session and suddenly attacker sends you malicious link in which he has embedded a javascript code in an image to make transactions into his own account. As soon as you open that link, the javascript code that is embedded in an image on that website, will start doing malicious transactions from your account. Thus ,this javascript that is embedded to do some malicious task on another site, is known as cross-site scripting.