Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › CROSS-SITE SCRIPTING (XSS) allows an attacker to

CROSS-SITE SCRIPTING (XSS) allows an attacker to

Amodify server files directly
Bencrypt all user files
Ccrash the database server
Dinject JS into another user's browser
Answer & Solution
Correct answer: D. inject JS into another user's browser
1. XSS: web app accepts untrusted input and embeds it into a page WITHOUT proper escaping/encoding. 2. Result: attacker-controlled JavaScript runs in the VICTIM'S browser, with the victim's session. 3. THREE TYPES: • REFLECTED: input in URL is reflected back in the response (e.g. search results page). • STORED: malicious script saved to DB and served to other users (e.g. blog comment). • DOM-based: client-side JS reads URL/inputs and modifies DOM unsafely. 4. MITIGATIONS: contextual OUTPUT ENCODING (HTML, JS, URL), Content-Security-Policy header, framework escaping (React's curly braces auto-escape). 5. Falls under A03: Injection in OWASP Top 10 2021 (XSS was its own category in 2017). _Source: OWASP Top 10 2017 — A7 (XSS); 2021 — A03 (Injection)._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions