What are cross-site scripting (XSS) attacks?

During a cross-site scripting (XSS) attack, cybercriminals inject code into your website to perform actions such as redirecting users to a malicious website or stealing passwords.

Case study:

In 2018, British Airways suffered an XSS attack in which the banking details of more than 400,000 customers were intercepted.

In the same year, one of Ticketmaster's suppliers suffered a similar attack, leaking the data of 40,000 Ticketmaster customers.