Answer-Which type of attack allows an attacker to inject malicious scripts into a trusted website to execut...

Question

Accepted Answer

Cross-Site Scripting XSS is a type of attack where an attacker injects malicious scripts into a trusted website. These scripts execute in the victims browser, often stealing sensitive information like session cookies, credentials, or personal data. XSS exploits vulnerabilities in web applications that do not properly validate or escape user inputs. For example, in a forum application, if the input field for comments does not sanitize input, an attacker could inject  tags to execute JavaScript in other users browsers.    Impact XSS can lead to data theft, identity theft, session hijacking, and even defacement of websites.   Prevention Developers must validate and sanitize inputs, use Content Security Policy CSP, and encode outputs to prevent injection of scripts.    Why Other Options Are Incorrect    Cross-Site Request Forgery CSRF CSRF tricks a victim into performing an action on a site where they are authenticated, such as transferring funds. It does not involve script injection.   SQL Injection In SQL Injection, malicious SQL queries are injected to manipulate a database, not browser execution of scripts.   Brute Force Attack A Brute Force Attack tries every possible combination of credentials to gain unauthorized access. It does not involve injecting scripts.   Distributed Denial-of-Service DDoS DDoS floods a server with excessive requests to disrupt services. It doesnt target script execution in browsers.

Which type of attack allows an attacker to inject malicious scripts into a trusted website to execute in a victim's browser?

Detailed Solution