EC-Council Certified Security Specialist (ECSS) — Question 3

Which of the following attack allows attackers to bypass client-ID security mechanisms and gain access privileges, and then inject malicious scripts into specific web pages?

Answer options

• A. Cross-Site Scripting (XSS)
• B. Buffer Overflow
• C. Denial-of-Service
• D. Parameter/Form Tampering

Correct answer: A

Explanation

Cross-Site Scripting (XSS) is the correct answer because it specifically involves injecting malicious scripts into web pages, allowing attackers to exploit client-side vulnerabilities. The other options, such as Buffer Overflow and Denial-of-Service, do not focus on bypassing client-ID security or injecting scripts, while Parameter/Form Tampering mainly deals with altering data sent to the server.