Certified Ethical Hacker (CEH v11) — Question 261
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
Answer options
- A. Cross-site scripting vulnerability
- B. SQL injection vulnerability
- C. Web site defacement vulnerability
- D. Cross-site Request Forgery vulnerability
Correct answer: A
Explanation
The correct answer is A, as preventing HTML input is a common measure to mitigate Cross-site scripting (XSS) vulnerabilities, where attackers inject malicious scripts into web applications. The other options, such as SQL injection and Web site defacement, focus on different attack vectors that do not directly relate to the input of HTML content.