...In general, cross-site scripting holes can be seen as vulnerabilities which allow attackers to bypass these mechanisms. By finding clever ways of injecting malicious script into pages served by other domains, an attacker can gain elevated privilege to sensitive page content, session cookies, and a variety of other objects...