Certified Cloud Security Professional – CCSP – Question046

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

A.
Missing function level access control
B. Cross-site scripting
C. Cross-site request forgery
D. Injection

Correct Answer: B

Explanation:

Explanation: Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user’s browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user’s browser with the user’s own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user’s own computer that their browser has the ability to access.