Free CompTIA Security+ SY0-701 Practice Question

Cross-site scripting (XSS) is the vulnerability exploited when attackers inject malicious code into a web application, which is then executed by other users' browsers. This happens when user input is not properly validated or encoded before being included in web pages. XSS can lead to theft of session tokens, personal data, and other malicious activities.

Cross-site request forgery (CSRF) involves tricking authenticated users into performing unwanted actions without their consent but does not involve injecting code into users' browsers. SQL injection targets the database by injecting malicious SQL queries, not code executed in users' browsers. Remote file inclusion allows an attacker to include a remote file on the web server, which is different from injecting code that runs in client browsers.