Which web-based vulnerability allows an attacker to inject malicious code that is subsequently executed in the browser of another user, potentially hijacking session cookies, defacing pages, or performing actions on the user's behalf?
Cross-site scripting (XSS) occurs when a web application includes untrusted user input in its output without proper validation or encoding. The malicious script is delivered to a victim's browser, where it runs with the same privileges as the trusted site.
SQL injection targets backend databases, remote code execution typically happens on the server, and server-side request forgery forces a server to make unintended requests-none of these involve executing code in another user's browser.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a client-side vulnerability?
Open an interactive chat with Bash
What is code injection?
Open an interactive chat with Bash
What is the difference between server-side and client-side vulnerabilities?