A company's web application includes user input in web pages without proper validation or encoding. Attackers inject code that runs in the browsers of other users, potentially stealing session tokens and personal data. Which vulnerability is being exploited by attackers?
Cross-site scripting (XSS) is the vulnerability exploited when attackers inject malicious code into a web application, which is then executed by other users' browsers. This happens when user input is not properly validated or encoded before being included in web pages. XSS can lead to the theft of session tokens and personal data, among other malicious outcomes.
Cross-site request forgery (CSRF) involves tricking authenticated users into performing unwanted actions without their consent but does not involve injecting code into users' browsers. SQL injection targets the database by injecting malicious SQL queries, not code executed in users' browsers. Remote file inclusion allows an attacker to include a remote file on the web server, which is different from injecting code that runs in client browsers.
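To make the "without proper encoding" point concrete, here is an added example (not part of the original question or its explanation) that renders the same comment template two ways: once reflecting the untrusted value verbatim, and once HTML-encoding it for the element-content context. The comment text and the function names are constructed for illustration. The `injected_tag_count` check expresses the property a reviewer wants from any renderer: user input must never add element tags to the output.

```python
import html
import re

# Constructed sample input (not from the page): a comment body carrying a script tag.
UNTRUSTED_COMMENT = "Nice post! <script>alert(1)</script>"


def render_comment_vulnerable(user_input: str) -> str:
    """Reflects user input into the HTML verbatim: the XSS pattern the question describes."""
    return f'<p class="comment">{user_input}</p>'


def render_comment_encoded(user_input: str) -> str:
    """Same template, but HTML-encodes the untrusted value before inserting it as element content."""
    # html.escape turns <, >, &, " and ' into character references, so the browser
    # renders the text literally instead of parsing it as markup.
    return f'<p class="comment">{html.escape(user_input, quote=True)}</p>'


def count_tags(fragment: str) -> int:
    """Count element tags (opening or closing) in an HTML fragment."""
    return len(re.findall(r"<[a-zA-Z/]", fragment))


def injected_tag_count(renderer, user_input: str) -> int:
    """How many tags did the user input add beyond the template's own?

    A correctly encoding renderer always returns 0 here, whatever the input.
    """
    return count_tags(renderer(user_input)) - count_tags(renderer(""))


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_comment_vulnerable),
                           ("encoded", render_comment_encoded)):
        print(f"{name:10} -> {renderer(UNTRUSTED_COMMENT)}")
        print(f"{name:10}    tags added by input: {injected_tag_count(renderer, UNTRUSTED_COMMENT)}")
```

Encoding is context-specific: `html.escape` is right for text between tags and for quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS property needs the encoding rules of that context instead. Marking the session cookie `HttpOnly` is a complementary control that keeps page scripts from reading it, which limits the session-token theft the question describes even if an encoding mistake slips through.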