A vulnerability that allows attackers to inject malicious code into an otherwise benign website.
These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable.
NIST SP 800-63-3
Cross-Site Scripting is a security flaw found in some Web applications that enables unauthorized parties to cause client-side scripts to be executed by other users of the Web application.
NISTIR 7711 under Cross-Site Scripting