Memotiva CISSP Flashcards: Software Development Security, SDLC, OWASP, Secure Coding

What is cross-site scripting and what are its types?

Nortren

Cross-site scripting, or XSS, occurs when an attacker injects malicious scripts into web pages viewed by other users. Reflected XSS sends the script in a request and the server reflects it back in the response, typically through a crafted link. Stored XSS permanently stores the script on the server, such as in a forum post, affecting all users who view the page. DOM-based XSS modifies the page's Document Object Model in the browser without server involvement. XSS can steal session cookies, redirect users, or deface pages.
owasp.org