, which now executes in the browser of every visitor who views that comment thread. Which type of attack does this indicate?","acceptedAnswer":{"@type":"Answer","text":"Stored cross-site scripting (XSS)"},"suggestedAnswer":[{"@type":"Answer","text":"SQL injection"},{"@type":"Answer","text":"Directory traversal"},{"@type":"Answer","text":"Server-side request forgery"}]}]}
🔥 3-day streak
CompTIA Security+ (SY0-701)26 / 150
Question 26 of 150

A web application security analyst reviews logs after users report unexpected pop-up windows appearing when they visit a company forum page. Investigation shows that a submitted forum comment contained the string <script>alert(document.cookie)</script>, which now executes in the browser of every visitor who views that comment thread. Which type of attack does this indicate?

Reviewed for accuracy · Report an issueNext question →