Which type of attack involves injecting code into a company's website to target users?

Cross-Site Scripting (XSS) is a type of attack where an attacker injects malicious scripts into trusted websites. This method allows the attacker to execute code in the context of a user's browser, typically targeting unsuspecting users who visit the compromised site.

In an XSS attack, the malicious code is often written in JavaScript and can perform actions such as stealing cookies, session tokens, or any other sensitive information that can be accessed through the user's browser. The attack occurs because the web application does not properly validate or sanitize user input, allowing the injected script to be executed when other users access the compromised page.

This attack capitalizes on the trust that users have in a particular website, making it especially dangerous. If successful, XSS can lead to account hijacking and other forms of unauthorized access.