XSS is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. To prevent it, you can use input validation and output encoding. Here's an example in PHP:
$user_input = $_POST['user_input'];
$sanitized_input = htmlspecialchars($user_input, ENT_QUOTES, 'UTF-8');
echo $sanitized_input;
