Cross-site scripting (XSS) is a type of:

Cross-site scripting (XSS) is classified as a code-injection attack. This type of attack occurs when an attacker is able to inject malicious scripts (often written in JavaScript) into web pages viewed by other users. When these scripts are executed in the browser of an unsuspecting user, they can compromise security, steal session cookies, redirect users to phishing websites, or manipulate content on the web page.

The crux of XSS being a code-injection attack lies in the exploitation of a web application’s trust in the browser. Unlike other types of attacks that may affect server-side components or involve denial of service mechanisms, XSS specifically targets client-side execution context. An attacker takes advantage of vulnerabilities in web applications that fail to properly sanitize user inputs, allowing them to insert and execute malicious code within the context of the web application that the victim is accessing.

In understanding this classification, it becomes clear why the other options don't fit the nature of XSS: Denial of Service attacks disrupt the availability of services rather than injecting code; phishing attacks focus on tricking users into divulging sensitive information without usually executing code in the user's browser; SQL injection attacks specifically target database manipulation rather than client-side script execution. Thus, the identification of XSS