XSS
Cross-Site Scripting
A security vulnerability where malicious scripts are injected into web pages. Salesforce provides built-in XSS protection in Lightning components and enforces encoding in Visualforce.
Example use case
A security review flags a Visualforce page using unescaped merge fields, and the developer fixes it by adding HTMLENCODE to prevent XSS attacks.