Cross site scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.