CompTIA CySA+ CS0-003 Practice Question
A web application security auditor notices that a company’s web application displays search results directly in the web page without sanitizing or encoding the user's input. The auditor suspects that this behavior could allow an attacker to exploit a vulnerability that involves injecting malicious scripts. What type of vulnerability is likely to be present in this scenario?
Reflected cross-site scripting
SQL injection
Persistent cross-site scripting
Cross-site request forgery (CSRF)