What is the web application attack that injects client-side script into web pages viewed by other users?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

What is the web application attack that injects client-side script into web pages viewed by other users?

Explanation:

The concept being tested is Cross-Site Scripting (XSS). This attack happens when an attacker manages to inject or embed client-side script into web pages that other users will view. When those pages load in a victim’s browser, the malicious script runs within the victim’s session, which can allow the attacker to read cookies or tokens, steal credentials, deface content, or perform actions on behalf of the user. The injection can occur in different ways: stored XSS, where the script is saved on the server; reflected XSS, where the script appears in a URL parameter; or DOM-based XSS, where the page’s client-side code processes untrusted input to generate new scripts.

Understanding why this differs from the other options helps reinforce the distinction: SQL Injection targets the database by injecting malicious queries through input fields to manipulate data, not to run scripts in another user’s browser. Clickjacking uses transparent or hidden overlays to trick a user into clicking something they didn’t intend, without injecting executable scripts into pages viewed by others. Cross-site request forgery relies on tricking a user into submitting a request that performs an action on a site where they’re authenticated, again without injecting client-side scripts into pages.
