Attackers who exploit cross-site scripting vulnerabilities take advantage of:

A.
a lack of proper input validation controls.

B.
weak authentication controls in the web application layer.

C.
flawed cryptographic secure sockets layer (SSL) implementations and short key lengths.

D.
implicit web application trust relationships.

Explanation:

Cross-site scripting attacks inject malformed input. Attackers who exploit weak application
authentication controls can gain unauthorized access to applications and this has little to do with
cross-site scripting vulnerabilities. Attackers who exploit flawed cryptographic secure sockets layer
(SSI.) implementations and short key lengths can sniff network traffic and crack keys to gain
unauthorized access to information. This has little to do with cross-site scripting vulnerabilities.
Web application trust relationships do not relate directly to the attack.