The Mudcat Café TM
Thread #136986 Message #3132213
Posted By: The Fooles Troupe
09-Apr-11 - 09:15 PM
Thread Name: mudcat flaws, errors, ads and upgrades
Subject: RE: mudcat flaws, errors, ads and upgrades
This is complicated, for it covers a lot of ground that you don't know, but each step in the chain of what is going on is important to understand (to some degree!) if you want to get a vague understanding of the overall process, but I'll try. Try reading it more than once, with a little time in between to let your mind learn new concepts slowly.
A 'script' is a set of instructions for the computer to follow.
It may be in any 'high level' computer language - that is a special set of instructions designed to be decoded by the computer into instructions it can understand (the 'machine code' of the hardware).
'Cross site scripting' - I had put a link to this - it must have been in another thread.
http://en.wikipedia.org/wiki/Cross-site_scripting
"Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007.[1] Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner."
To explain that a bit - all systems can have flaws. For instance if you try to jam too many socks into your cupboard drawer, something may break, or they will fall out the back into the drawer underneath. If you try to load too long a string of data into an area of the computer memory, it may load data too long to fit into the intended area, and may overflow into other areas, unless checks are first made to see if it is too long, in which case you should get an error. Badly written code sometimes doesn't do such checks (the writer forgets to do that).
Now we come to 'side effects' - unintended consequences of doing unexpected things (from the viewpoint of the computer blindly munching away at its set of instructions). The objects that store information are stored in the computer memory as length of bytes - numbers, one after the other like washing pegged on a line. These numbers get interpreted as 1) data (a name, say), 2) a location - an address in the memory that a subsequent step of execution of code later on may use as a place to get the location to jump to to start executing code needed for a service - say printing a file, etc., 3) a number of other things I won't confuse you more with explanations of, but each one is important for its designated purpose.
Now, if you are clever or just patient enough 'mucking around', if the computer loads a string of numbers too long to fit in the intended place, and doesn't check that it loads data the correct length - it will overrun the intended location and start jamming crap into other locations. The trick is to jam the correct (from the point of view of the hacker) crap in the right wanted (but wrong from the original design) locations.
Now when the computer comes to look later at that tampered-with location, e.g. to print a file, instead of jumping to the location where it finds the code to print a file, it will now end up where the hacker wants it, executing 'nasty' code that may now be able to do unwanted things, such as send your bank details off, etc.
The XSS thingy stuff works similarly to the concepts described but in your web browser - fooling it into doing similar such unwanted things, and may be used to load 'a virus' (in general vague terms) that you won't know about, and the hacker then may have ways to control (through the 'scripting' attached to the clever jamming of unexpected data into certain locations) where the browser goes by giving it false sites such as a faked bank site, inject advertising, steal data from your computer, etc.
That's as simple for the 'totally computer dumb' as I can get it at the moment... :-)
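The length check the post says badly written code forgets, as an added example that is not part of the original post. The record layout (a name stored next to the address of a service routine), the 16-byte size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* constructed size of the "drawer" for the name */

typedef int (*service_fn)(void);

/* Laid out as in the post: data, then a location the program jumps to later. */
struct record {
    char name[NAME_CAP];  /* 1) data (a name, say) */
    service_fn service;   /* 2) address of the code for a service */
};

/* Stand-in for the intended service ("printing a file"). */
static int print_file(void) { return 1; }

void record_init(struct record *r) {
    memset(r->name, 0, sizeof r->name);
    r->service = print_file;
}

/* Store a name only if it fits, terminator included.
 * Returns 0 on success, -1 on error; on error the record is untouched. */
int record_set_name(struct record *r, const char *input, size_t len) {
    if (r == NULL || input == NULL)
        return -1;
    if (len >= sizeof r->name) /* too long for the drawer: report an error */
        return -1;
    memcpy(r->name, input, len);
    r->name[len] = '\0';
    return 0;
}

/* The later step that jumps to the stored location. */
int record_run_service(const struct record *r) { return r->service(); }

int main(void) {
    struct record r;
    const char *too_long = "0123456789ABCDEF0123456789"; /* constructed input */
    record_init(&r);
    printf("short name: %d\n", record_set_name(&r, "Alice", 5));
    printf("long name:  %d\n", record_set_name(&r, too_long, strlen(too_long)));
    printf("service:    %d\n", record_run_service(&r));
    return 0;
}
```

Because the over-long input is refused before any byte is copied, the stored address next to the name still points at the intended routine.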