'Cross-Site Scripting (XSS)' is identified as a security flaw commonly present in web applications. This vulnerability allows attackers to embed client-side scripts into web pages that other users access, potentially circumventing access controls and gaining access to sensitive information.

XSS attacks happen when an application incorporates untrusted data into a webpage without adequate validation or escaping. This lapse enables attackers to execute scripts in the browsers of unsuspecting users, leading to potential outcomes like session hijacking, website defacement, or redirection to harmful sites.