Certified Ethical Hacker (CEH v10) — Question 60
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
Answer options
- A. SQL injection attack
- B. Cross-Site Scripting (XSS)
- C. LDAP Injection attack
- D. Cross-Site Request Forgery (CSRF)
Correct answer: B
Explanation
The correct answer is B, Cross-Site Scripting (XSS), because it directly involves injecting scripts into web pages that are then viewed by other users. Option A, SQL injection attack, pertains to database query manipulation, while option C, LDAP Injection attack, involves directory service manipulation. Option D, Cross-Site Request Forgery (CSRF), tricks users into executing unwanted actions on a different site rather than injecting scripts.