Cross-Site Scripting (XSS) is a security vulnerability found in web applications that allows attackers to inject malicious scripts into content delivered to users, potentially leading to data theft, session hijacking, and defacement. It exploits the trust a user has in a particular website by executing scripts in the user's browser, which are then used to manipulate web pages or steal information without the user's consent.