Which vulnerability allows the injection of malicious scripts into web pages?

Study for the IBM Security Analyst Exam. Prepare with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam success!

Cross-Site Scripting (XSS) is a type of vulnerability that enables attackers to inject malicious scripts into web pages viewed by other users. This occurs when an application includes untrusted data in the web pages it sends to users without proper validation or escaping, allowing the attacker’s script to execute in the context of the victim’s browser.

When a user visits a compromised page, the malicious script can execute and perform various harmful actions, such as stealing cookies, session tokens, or other sensitive information, and potentially taking control of the user's session. This is particularly concerning in web applications that are heavily interactive or rely on user-generated content.

In contrast, the other vulnerabilities listed involve different types of attacks:

  • SQL Injection focuses on manipulating SQL queries in a database context, allowing attackers to execute unauthorized database commands.

  • Buffer Overflow involves writing more data to a buffer than it can hold, which can lead to arbitrary code execution or crashes, but it is not specifically related to scripting in web pages.

  • Command Injection occurs when an attacker can execute arbitrary commands on the host operating system through an application that does not properly sanitize user input.

Thus, the unique aspect of XSS lies in its capability to execute scripts within the user's browser session, making it a distinct
