A threat actor has used malicious commands to trick the database into returning unauthorized records and other data. Which web front-end vulnerability is the threat actor exploiting?

  • cross-site scripting
  • broken authentication
  • security misconfiguration
  • SQL injections

Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:
- Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run in the browser the way that the threat actor wants them to run.
- SQL injections: In a SQL injection (SQLi), the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
- Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user, especially when session tokens are left unexpired.
- Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities, all of which are centered on a lack of maintenance of the web application configuration.

Exam with this question: IoT Sec 1.1 Fundamentals: IoT Security Final Exam Answers
Exam with this question: 6.6.2 Module 6: Application Deployment and Security Quiz
