CompTIA PenTest+ (PT0-001) — Question 65

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

Answer options

• A. Stored XSS
• B. Fill path disclosure
• C. Expired certificate
• D. Clickjacking

Correct answer: A

Explanation

Stored XSS is considered the most critical vulnerability as it allows an attacker to inject malicious scripts that are stored on the server and executed in the context of the user's browser, potentially affecting many users. In contrast, fill path disclosure may provide information but does not directly exploit the application, an expired certificate is a minor issue regarding trust, and clickjacking typically requires additional user interaction to exploit.