Is an attack in which an attacker injects malicious executable script into the code of a trusted application or website attacker often initiate and cross site scripting attack by sending a malicious link to a user, and enticing the user to click it