Which issue occurs when a web browser is sent data without proper validation?

Cross-site scripting (XSS) occurs when a web browser is sent data without proper validation, allowing an attacker to inject malicious scripts into webpages viewed by other users. This exploit typically takes advantage of web applications that do not adequately filter user input or output, thereby permitting harmful scripts to be executed in another user's browser. When a victim accesses a compromised page, the injected script can execute in their context, potentially stealing session cookies, redirecting users, or performing actions on behalf of the user without their consent.

The concept of data validation is crucial in maintaining the integrity and security of web applications; it ensures that input is safe and does not include harmful code. When validation processes are bypassed or inadequately implemented, the vulnerability to XSS can arise, leading to various risks and impacts for users and organizations alike. Understanding this vulnerability underscores the importance of implementing strict input validation and output encoding to protect against XSS attacks.