Cross site scripting or XSS vulnerabilities allow client side scripts (Javascript or Active X) from a third party to execute as if it originated from a trusted server.

This vulnerability is caused by unfiltered, unchecked input written to a web page by the trusted server. A third party may direct a user to send data to the trusted server. If the server expects non-script data but does nothing to ensure that no script is contained, it may pass the script back to the user to execute.

As a result a third party may be able to steal data such as the password of the user, read the user's private information, or act as the user.