The Mudcat Café TM
Thread #136986   Message #3133163
Posted By: JohnInKansas
11-Apr-11 - 01:54 PM
Thread Name: mudcat flaws, errors, ads and upgrades
Subject: RE: mudcat flaws, errors, ads and upgrades
Suegorgeous at 09 Apr 11 - 08:30 PM asked for an explanation of scripting and cross-site scripting, and The Fooles Troupe provided a Wikipedia reference that gives a fairly technical description.

As was described, a script is a scrap of code that tells your computer to do something.

A cross-site script is a script that tells your computer to go to, or to do something on, another website. The other website (site #2) that the script sends you to can go to a third website (site #3) to get the instructions that are actually relayed back to your computer (#1).

All this, which can get rather entangled and confusing, is perfectly normal and "accepted by the community" as appropriate behavior.

The concern is with "cross-site scripting vulnerabilities" that allow an outside party to place script on site #2 or site #3 that looks like it does what those sites intended, but actually connects you to another site (#4) where malicious junk can be downloaded to your computer, or where information on your computer can be accessed. The majority of such scripts are intended to "look like they go to" a different site than the one they actually connect to; but that's not really a necessary part of the definition.

The term "XSS" is generally used only to refer to the vulnerabilities that permit malicious parties to modify code on "server sites" and/or to the malware scripts that exploit one of the vulnerabilities to do so.

A most recent "hot news" example: Facebook Bully Video Actually an XSS Exploit.

The article linked is from eWeek, which normally is a "trusted source" known for reliable reporting, but at this point I'd consider this one an "unconfirmed but probably valid" report. It does give some fairly detailed (but in reasonably simple language) explanation of how the whole scam method works in one fairly typical case, and the description is good even if the warning is overblown.

The XSS vulnerabilities do exist, and have the potential to do much more harm than has been seen thus far. They are not limited to any one browser or operating system.

Microsoft has chosen to incorporate "a defense" in the most recent browsers that gives annoying notices, that cripples browsing performance, and that does NOT ALLOW the user to turn it off.

Others "silently limit" some aspects of performance without necessarily telling you what they're doing.

Since the vulnerabilities that have caused the concern are primarily on the servers, it is mostly the webmasters who are being forced to handle the problem. Nobody believes that it can be done simply, and as yet there are few clear ways of approaching generally reliable fixes.

Clearly, Max is working the problem, and needs our support, patience, and good humor until this is resolved.

Max is a winner so I know who to cheer for.

John
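The post above says the fix for XSS sits mostly with the webmaster, on the server. As an added illustration that is not part of John's post or of the Mudcat site's own code, here is the server-side defect in its simplest form and the standard correction: a message board that pastes a visitor's text straight into its page markup lets a `<script>` element in that text run in every reader's browser, while encoding the text for the context it lands in (HTML body and a quoted attribute) keeps it as visible, inert characters. The post renderer, the sample post and the author name are constructed for this example.

```python
import html

# Constructed sample post: untrusted text a visitor submitted to a message board.
# The <script> element stands in for the script an outsider "places on site #2"
# in the explanation above; alert() is the harmless canonical test payload.
SAMPLE_POST = 'Great tune! <script>alert("xss")</script>'
SAMPLE_AUTHOR = 'O"Neil'   # a quote in an attribute value is the other classic trouble spot


def render_post_unsafe(author: str, body: str) -> str:
    """The defect: user-supplied text is interpolated directly into the page markup,
    so any tags or quotes it contains are parsed as part of the page by the browser."""
    return f'<div class="post" data-author="{author}"><p>{body}</p></div>'


def render_post_safe(author: str, body: str) -> str:
    """The correction: encode each value for the context it is inserted into.
    html.escape with quote=True turns < > & " ' into entities, so the browser shows
    the characters as text instead of interpreting them as markup or attribute breaks."""
    return (
        f'<div class="post" data-author="{html.escape(author, quote=True)}">'
        f'<p>{html.escape(body, quote=True)}</p></div>'
    )


def contains_script_tag(rendered: str) -> bool:
    """Demonstration check only (not a real sanitizer): does a live <script> tag
    survive into the markup the server would send to readers?"""
    return "<script" in rendered.lower()


def visible_text_preserved(original: str, rendered: str) -> bool:
    """Encoding must not lose the poster's words: decoding the escaped body gives
    back exactly what was submitted, only its interpretation has changed."""
    start = rendered.index("<p>") + len("<p>")
    end = rendered.index("</p>")
    return html.unescape(rendered[start:end]) == original


if __name__ == "__main__":
    print("unsafe:", render_post_unsafe(SAMPLE_AUTHOR, SAMPLE_POST))
    print("safe:  ", render_post_safe(SAMPLE_AUTHOR, SAMPLE_POST))
```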