Cross-site scripting is when a website tries to run a script against another unrelated site. This is a common means of attempting to attack a website; theoretically it shouldn’t be possible, but security flaws sometimes sneak through the cracks.
It could be innocuous; it could be a ‘false positive’ from NoScript (ie, it’s finding a problem when there isn’t one), or it could be an innocent misconfiguration error on the web server. It could also be malicious in intent. How to tell the difference will largely depend on context (ie, how trustworthy is the site you’re on, and how likely is it that it’s hosting adverts that may be carrying an unchecked payload?)