Practice free →
HomeSoftware TestingSoftware Testingadvanced_security_performance › Cross Site Scripting (XSS) is primarily a

Cross Site Scripting (XSS) is primarily a

AClient side attack via injected scripts
BServer side attack on database engines
CNetwork layer attack on TCP packets
DDisk attack on file system permissions
Answer & Solution
Correct answer: A. Client side attack via injected scripts
XSS exploits insufficient output encoding so attacker scripts run in victim browsers. Variants: reflected (URL), stored (DB), DOM-based. Mitigations: context-aware output encoding, CSP, sanitisation libraries.
Solve this in the app — Software Testing practice & 24k+ MCQs →
Related questions