Cross-site scripting

Cross-site scripting is a security vulnerability that allows a person to inject malicious code into the content of a foreign website (or other service), making it appear to other users and their systems as if the code was valid and originating from the aforementioned website. This can lead to JavaScript on his machine - UserB has found a way to inject/insert his own JavaScript code into example.com (for example into a bulletin board message) and inserts a malicious script that asks for people's credit card numbers and stores them somewhere where UserB can access them - UserA visits example.com and UserB's script asks for his/her credit card number. Thinking that this is a legitimate request from example.com, UserA blissfully provides his credit card number. - UserB has effectively 'stolen' UserA's credit card number using Cross-site scripting and some social engineering.