In a cross-site scripting attack, the attacker attempts to use scripting commands in the URL itself, or through a device, such as a web form, to gain administrator, or some other elevated level of user privileges in an attempt to force the victim's server to display the desired data on screen. Malicious scripts are injected into otherwise benign and trusted websites during this type of attack.
