While testing web applications, you attempt to insert the following test script into the search area on the company’s web site:
<script>alert('Testing Testing Testing')</script>
Afterwards, when you press the search button, a pop-up box appears on your screen with the text "Testing Testing Testing". What vulnerability is detected in the web application here?
A. A hybrid attack
B. A buffer overflow
C. Password attacks
D. Cross Site Scripting
Explanation:
Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy.