diff --git a/glossary/Cross-site-scripting.md b/glossary/Cross-site-scripting.md
new file mode 100644
index 000000000..f149054a8
--- /dev/null
+++ b/glossary/Cross-site-scripting.md
@@ -0,0 +1,3 @@
+### Cross-site scripting (XSS)
+
+XSS refers to client-side code injection where the attacker injects malicious scripts into a legitimate website or web application. This is often achieved when the application does not validate user input and freely injects dynamic HTML content.