Cross-site Scripting

CSS is already used for Cascading Style Sheets.

XSS is a more descriptive abbreviation for the attack.

The 'X' stands for "eXploit" in this context.

It differentiates it from client-side scripting.

Exploiting vulnerabilities in network protocols.

Injecting malicious SQL queries into databases.

Taking advantage of JavaScript execution in a user's browser.

Overloading server resources with excessive requests.

To display an alert message to the victim.

To encrypt the victim's hard drive.

To send the victim's private data (like session cookies) to the attacker.

To redirect the victim to a different, untrusted website.

Yes

No

The malicious payload is delivered directly to a specific user via email.

The attack requires the user to download and install a malicious application.

The malicious payload is stored on a third-party website and affects all viewers.

It primarily targets the server-side database, not the user's browser.

The tokens were easily guessable due to simple algorithms.

The tokens were only valid for a very short period, causing frequent re-logins.

The tokens never expired, granting indefinite access to user accounts and vehicle controls.

The tokens were transmitted unencrypted, making them vulnerable to interception.