nerdexam
EC-Council

312-50V13 · Question #166

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

The correct answer is A. Cross-site-scripting attack. Cross-site scripting (XSS) is a web vulnerability where unsanitized user input is reflected in web pages, allowing attackers to execute malicious scripts in other users' browsers.

Submitted by yasin.bd· Mar 6, 2026Hacking Web Applications

Question

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. What is this attack?

Options

  • ACross-site-scripting attack
  • BSQL Injection
  • CURL Traversal attack
  • DBuffer Overflow attack

How the community answered

(42 responses)
  • A
    90% (38)
  • B
    5% (2)
  • C
    2% (1)
  • D
    2% (1)

Why each option

Cross-site scripting (XSS) is a web vulnerability where unsanitized user input is reflected in web pages, allowing attackers to execute malicious scripts in other users' browsers.

ACross-site-scripting attackCorrect

A Cross-site scripting (XSS) attack specifically occurs when a web application takes untrusted user input and includes it in the generated HTML page without proper sanitization. This allows an attacker to inject client-side scripts, which are then executed by other users' browsers, potentially leading to session hijacking, defacement, or redirection.

BSQL Injection

SQL Injection attacks involve injecting malicious SQL queries into data input fields to manipulate or extract data from a database, not to execute scripts in a user's browser via unsanitized display.

CURL Traversal attack

URL Traversal (or Directory Traversal) attacks exploit vulnerabilities that allow an attacker to access files or directories outside the intended web root by manipulating path elements in a URL, which is different from script execution in a browser.

DBuffer Overflow attack

Buffer Overflow attacks occur when a program attempts to write more data into a fixed-size buffer than it can hold, overwriting adjacent memory and potentially executing arbitrary code; this is a low-level memory vulnerability, typically server-side, not a web content display issue.

Concept tested: Cross-site scripting (XSS) vulnerability

Source: https://owasp.org/www-community/attacks/xss/

Topics

#Cross-site scripting (XSS)#Web application vulnerabilities#Input validation

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice