CompTIA Security+ (SY0-701) — Question 413

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Answer options

• A. SQL injection
• B. Cross-site scripting
• C. Zero-day exploit
• D. On-path attack

Correct answer: B

Explanation

The correct answer is B, Cross-site scripting, as it specifically refers to the injection of scripts into web applications, compromising the user's browser. Option A, SQL injection, targets databases rather than web clients. Option C, Zero-day exploit, refers to unpatched vulnerabilities, and option D, On-path attack, involves intercepting communications rather than scripting vulnerabilities.