A special case of code injection in which an attacker introduces malicious code into a website by altering the information sent by a trusted source (often another website). The website receiving the information executes the malicious code, thus granting the attacker access to otherwise protected data. Although there are similarities, XSS should not be confused with SQL injection; the latter is used to attack databases only, and it involves no notion of ‘trust’, because it makes use of user data, which is generally considered unsafe.
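The definition above, as an added example that is not part of the original entry: a receiving site renders a comment feed from a trusted partner site, first by direct concatenation and then with output encoding. The feed contents and all function names (`renderUnsafe`, `renderSafe`, `escapeHtml`, `containsScriptTag`) are assumptions made for illustration.

```javascript
// Constructed sample: a comment feed fetched from a partner site that the
// receiving site trusts. The second entry was altered before delivery.
const partnerFeed = [
  { author: "alice", text: "Great article, thanks!" },
  { author: "mallory", text: "<script>/* attacker code */</script>" },
];

// Vulnerable: feed fields are concatenated into markup because the source
// is trusted, so any markup inside them becomes part of the page.
function renderUnsafe(feed) {
  return feed
    .map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`)
    .join("\n");
}

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every field is encoded at output time, whatever its origin,
// so the browser displays the altered entry as text instead of running it.
function renderSafe(feed) {
  return feed
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Check helper: does the rendered markup contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log(renderUnsafe(partnerFeed));
console.log(renderSafe(partnerFeed));
```

This encoding covers HTML text and quoted attribute values; data placed inside script blocks, URLs or style sheets needs the encoding for that context.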