New RBI Grade B 2025 Notification will come Soon! Enroll Here

    Question

    Which of the following best describes the mechanism of a

    Cross-Site Scripting (XSS) attack?
    A Exploiting vulnerabilities in a database to inject malicious SQL queries Correct Answer Incorrect Answer
    B Tricking users into executing unintended actions on a web application they are authenticated with Correct Answer Incorrect Answer
    C Injecting malicious scripts into web pages viewed by other users Correct Answer Incorrect Answer
    D Overwhelming a server with excessive traffic to disrupt service availability Correct Answer Incorrect Answer
    E Using trial-and-error methods to guess valid user credentials Correct Answer Incorrect Answer

    Solution

    A Cross-Site Scripting (XSS) attack involves injecting malicious scripts, typically JavaScript, into web pages that are later viewed by other users. This attack exploits vulnerabilities in web applications that fail to properly validate or sanitize user inputs. When a victim visits the compromised web page, the malicious script executes in their browser, potentially stealing sensitive data, hijacking sessions, or defacing websites. XSS is categorized into three types: reflected, stored, and DOM-based. Stored XSS is particularly dangerous because the malicious script is permanently stored on the server and served to multiple users. For instance, attackers might inject a script into a comment section of a blog, and every user viewing the comments becomes a victim. Proper input validation, output encoding, and Content Security Policy (CSP) implementation are essential defenses against XSS. Why Other Options Are Incorrect :

    1. Exploiting vulnerabilities in a database to inject malicious SQL queries : This describes SQL Injection, which targets backend databases rather than injecting scripts into web pages.
    2. Tricking users into executing unintended actions on a web application they are authenticated with : This is a Cross-Site Request Forgery (CSRF) attack, not XSS.
    3. Overwhelming a server with excessive traffic to disrupt service availability : This refers to Distributed Denial-of-Service (DDoS) attacks, unrelated to injecting scripts.
    4. Using trial-and-error methods to guess valid user credentials : This describes a Brute Force attack, which involves guessing passwords and does not involve script injection.

    Practice Next