diff --git a/files/en-us/web/security/attacks/index.md b/files/en-us/web/security/attacks/index.md
index 589bc1a70a4bcf0..6ae553a16176ae7 100644
--- a/files/en-us/web/security/attacks/index.md
+++ b/files/en-us/web/security/attacks/index.md
@@ -9,4 +9,4 @@ In web security, an attack is a specific method an attacker uses to achieve thei
 This page links to pages explaining how some common attacks work, and how they can be mitigated.
 
 - [Cross-site scripting (XSS)](/en-US/Web/Security/Attacks/XSS)
-  - : A cross-site scripting (XSS) attack is one in which an attacker is able to execute their code in the context of the target website.
+  - : In a cross-site scripting (XSS) attack, a website accepts some input crafted by the attacker and mistakenly includes this input in the site's own pages in a way that makes the browser execute it as code. The malicious code can then do anything that the site's own front-end code could do.