Which vulnerability arises from insecure coding techniques causing improper input validation, often with CSRF and SQL injection?


Multiple Choice

Which vulnerability arises from insecure coding techniques causing improper input validation, often with CSRF and SQL injection?

Explanation:
Cross-site scripting (XSS) arises when code is written insecurely and user input isn’t properly validated or encoded, allowing untrusted data to be inserted into a page as executable script in the victim’s browser. This happens when input is reflected, stored, or manipulated in the DOM without appropriate escaping, so injected scripts run in the context of other users. CSRF and SQL injection are related input-handling issues but affect different layers: the former abuses a user’s authenticated state to perform actions, and the latter manipulates server-side queries, whereas XSS targets the client side by delivering script payloads. Prevent it by validating and sanitizing input, escaping output for its context (HTML, attributes, JavaScript), using secure frameworks, and applying a Content Security Policy to reduce or block inline scripts.

