Certified Ethical Hacker (CEH v11) — Question 18

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Answer options

• A. LDAP Injection attack
• B. Cross-Site Scripting (XSS)
• C. SQL injection attack
• D. Cross-Site Request Forgery (CSRF)

Correct answer: B

Explanation

The correct answer is B, Cross-Site Scripting (XSS), because it specifically refers to the injection of malicious scripts into web pages. Option A, LDAP Injection, targets directory services, while C, SQL Injection, exploits database vulnerabilities, and D, Cross-Site Request Forgery, tricks users into executing unwanted actions on a different site. None of these involve injecting scripts into web pages viewed by others.