Hello, I was hoping someone or some people could explain something to me.

I have been seeing a lot about cross-site scripting problems, and all the demos show just a box that comes up and says testing. I know that that is just a non-dangerous way of showing that it is there. What all can be done besides this box that says testing?

I am not asking how to do it, nor am I going to go off and attempt to try it; I just want to understand the risks with cross-site scripting. Like, is JavaScript the only script that can be run with it, or if the server has PHP installed will it run that script too?

I also know that you can read cookie files with Java, but what I don't understand is how that can do anything. Won't they (hacker) be reading their own cookie on their own computer, or can you somehow access other computers? And also, aren't most cookies usernames or passwords encrypted with MD5?

Look forward to your answers.