It is a special case of code injection in which an attacker introduces malicious code into a website by altering the information sent by a trusted source (often another website). The website receiving the information will execute the malicious code, thus granting access to otherwise protected data.