A user enters confidential data on a web site while performing a task. What vulnerability arises if this data is redisplayed without encoding as HTML entities?


The situation described involves a user entering confidential data that, if redisplayed without proper encoding, leads to a security vulnerability. When user-supplied data is written into a page without first being encoded as HTML entities (so that characters such as <, >, &, " and ' are shown literally instead of being interpreted as markup), an attacker who controls that data can include markup and script that the browser then executes. This scenario is characteristic of non-persistent (reflected) Cross-Site Scripting (XSS).

In such an attack, the attacker places a script in a form field or request parameter, typically by luring the victim to a crafted link, and when the server echoes that value back into the response without encoding it, the script runs in the victim's browser with the privileges of the victim's authenticated session. This can lead to theft of the confidential data or session tokens, session hijacking, or actions performed on the victim's behalf. Non-persistent XSS refers specifically to the case where the injected script is not stored on the server but is reflected from the current request straight back into the response; encoding output as HTML entities (or, when building the page in the DOM, assigning to textContent rather than innerHTML) prevents it.

The other vulnerabilities mentioned, such as Stored SQL Injection and Open Redirect, involve different mechanisms and attack vectors. SQL Injection manipulates a database by smuggling malicious SQL into a query, while Open Redirect sends users to an attacker-chosen URL through a site's own redirect parameter. Cross-Site Request Forgery (CSRF) tricks a user's browser into sending unwanted requests to a site on which the user is already authenticated. None of
