CompTIA CySA+ (CS0-003) — Question 30

While reviewing web server logs, a security analyst found the following line:

< IMG SRC='vbscript:msgbox("test")' >

Which of the following malicious activities was attempted?

Answer options

• A. Command injection
• B. XML injection
• C. Server-side request forgery
• D. Cross-site scripting

Correct answer: D

Explanation

The correct answer is D, Cross-site scripting, because the line attempts to execute a VBScript through an image tag, which is a common way to introduce scripts into webpages. The other options, such as command injection, XML injection, and server-side request forgery, do not apply to this specific attempt which focuses on executing client-side scripts in the user's browser.