Which term refers to a browser-based attack where a malicious script is delivered via a trusted site to compromise the client?

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

Which term refers to a browser-based attack where a malicious script is delivered via a trusted site to compromise the client?

Explanation:
Cross-site scripting is when an attacker injects malicious script into content that a trusted website serves, and the victim’s browser runs that script as if it came from that site. This enables the attacker to compromise the client by exfiltrating cookies or session tokens, or by performing actions in the user’s session. The scenario described—a trusted site delivering code that runs in the user’s browser to affect the client—fits XSS exactly. Other options refer to different concepts: clickjacking tricks the user into clicking something else without delivering a harmful script from the trusted site; a DOM-based attack is a subtype of XSS where the malicious behavior is triggered by manipulating the page’s DOM on the client side; and “malicious script injection” is a broad phrasing that doesn’t name the standard vulnerability class.
