Cyber Attack Number 8/15: Cross-Site Scripting (XSS)

In simple terms, this is when your website or web app is compromised by a hacker injecting malicious code into it. That code runs in a visitor's browser, where it can infect the visitor or steal their cookies to impersonate them.

Example: Your website was custom built using a template that is no longer supported. Because the template is no longer supported, you can no longer update all the plugins on the website, leaving it vulnerable to attacks. XSS attacks are common on, but not exclusive to, sites that have forums or message boards. I have heard of cases where well-known medical forums have been compromised, and users have been blackmailed by threats to publish their identity through what they thought were anonymous posts about sensitive medical conditions.
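To make the forum case concrete, here is an added example (not code from the original post or from any particular forum software) showing the flaw next to its fix: a post rendered without encoding, the same post rendered with HTML encoding, and a session cookie marked HttpOnly so page scripts cannot read it. The function names, the sample post and the session id are all constructed for illustration.

```javascript
// Added example: constructed forum-post rendering, not code from the original page.

// The five characters that let text break out of HTML element content or a
// quoted attribute value, with their safe encodings.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user text is concatenated straight into markup, so a <script>
// tag inside a post becomes part of the page and runs for every reader.
function renderPostUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.body}</div>`;
}

// Hardened: every user-controlled field is encoded before it reaches the page,
// so the browser displays the tag as text instead of executing it.
function renderPostSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.body)}</div>`;
}

// Session cookie flags: HttpOnly hides the cookie from page scripts, so an
// injected script cannot read it; Secure and SameSite limit where it is sent.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a post carrying a placeholder script tag.
const samplePost = { author: 'anon42', body: 'Thanks! <script>/* injected code */</script>' };

function demo() {
  return {
    unsafe: renderPostUnsafe(samplePost),
    safe: renderPostSafe(samplePost),
    cookie: sessionCookieHeader('constructed-session-id'),
  };
}

console.log(demo());
```

Output encoding is the primary fix; the cookie flags only limit what an injected script can take if an encoding bug slips through in an outdated plugin.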

Risk Mitigation: Always ensure your website's plugins are updated to their latest versions. If you're not sure, talk to your web designer. If a friend or family member built your site as a favour, and you haven't discussed it with them since, ask for a second opinion. There are also great security scanners you can use to check your site.

Here are 6 website vulnerability scanners:

  1. https://www.malcare.com/wordpress-malware-scan/

  2. https://sitecheck.sucuri.net/

  3. https://quttera.com/scanwebsite

  4. http://www.unmaskparasites.com/

  5. https://webscan.upguard.com/

  6. https://observatory.mozilla.org/