Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages, potentially leading to data theft, session hijacking, site defacement, and malware distribution. It happens when web applications fail to properly sanitize user inputs or other dynamic content.