Cross-site scripting (XSS) occurs when malicious scripts are injected into otherwise benign and trusted websites. The scripts, which are often injected by attackers into forums, guestbooks, or other public servers, can steal user session cookies and passwords, rewrite pages, redirect users, and install malware. XSS vulnerabilities allow these scripts to masquerade as legitimate content on a vulnerable site and can impact all users. Proper output encoding of untrusted data when displayed on a website is recommended to prevent XSS flaws.