Certified Ethical Hacker (CEH v10) — Question 115
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
Answer options
- A. Cross-site scripting vulnerability
- B. Session management vulnerability
- C. SQL injection vulnerability
- D. Cross-site Request Forgery vulnerability
Correct answer: A
Explanation
The correct answer is A, as allowing HTML input can lead to Cross-site scripting (XSS) attacks where malicious scripts can be executed in the user's browser. The other options are incorrect because Session management vulnerabilities relate to user sessions, SQL injection involves manipulating database queries, and Cross-site Request Forgery (CSRF) involves tricking users into executing unwanted actions on a different site.