Which of the following correctly describes the primary

Solution

Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) are both web security vulnerabilities, but they operate in distinct ways:

• CSRF tricks authenticated users into performing unintended actions on behalf of an attacker by exploiting trust in the user's session. For example, if a logged-in user clicks on a malicious link, the attacker could execute unwanted actions (e.g., fund transfers). CSRF exploits flaws in how web applications handle session tokens or cookies.
• XSS , on the other hand, involves injecting malicious scripts into a web application to execute in the victim’s browser. It primarily targets input validation and output encoding flaws to display or execute harmful code in the user's context.

• Option A: Both CSRF and XSS target the user’s browser, but XSS also indirectly impacts the application.
• Option C: CSRF does not rely on executing JavaScript; it typically involves sending crafted HTTP requests.
• Option D: CSRF does not inherently depend on phishing; it can occur through any malicious link, such as in a forum or ad.
• Option E: CSRF and XSS are protocol-agnostic and can occur over both HTTP and HTTPS.