Cross-site scripting is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. From Wikipedia
Researcher Marek Tóth demonstrated DOM-based attacks that hijack autofill UI to exfiltrate credentials, TOTP codes, and payment data.
