XSS stands for Cross-site scripting, and it's a security vulnerability. It's when an attacker can inject certain code into a vulnerable website, which could decieve or take over an account of a victim.
Let's say I have an input field on my website, where anybody can leave a comment. This comment will, for simplicity, replace the previous comment.
<div>
Hah! This is such a cool site!