Certified Ethical Hacker (CEH v10) — Question 182
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
Answer options
- A. Cross-site scripting vulnerability
- B. Web site defacement vulnerability
- C. SQL injection vulnerability
- D. Cross-site Request Forgery vulnerability
Correct answer: A
Explanation
The correct answer is A: preventing users from entering HTML is a common measure to mitigate cross-site scripting (XSS) attacks, which exploit the ability to inject malicious scripts. The other options (Web site defacement, SQL injection, and Cross-site Request Forgery) are not specifically tied to HTML being accepted as input.