Short for "Cross-site Scripting Attack". These happen when a user/hacker enters code where code should not be. For example, the effect on this page could be produced by writing the following code in an unsanitised input:

<style>*{transform:rotate(2deg)}</style>