In which attack is a user tricked into submitting a malicious form request on a banking website?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The correct answer is CSRF (Cross-Site Request Forgery). This type of attack occurs when a malicious actor tricks a user into performing an action on a web application in which they are authenticated, such as a banking website. The user is typically enticed to click a link or load a webpage that sends a forged request to the web application, utilizing the user's session to execute potentially harmful actions without their consent.

CSRF exploits the trust that a web application has in the user's browser. For example, if a user is logged into their banking account, a CSRF attack can cause funds to be transferred without the user's explicit intention. The critical aspect here is that the browser includes the user's session cookies with the malicious request, so the application treats the request as authenticated without the user's awareness.

In contrast, the other options relate to different types of vulnerabilities. Reflected and stored XSS involve injecting malicious scripts into web pages that execute in the context of the user's browser, which is fundamentally different from tricking the user into submitting a request. Directory traversal, on the other hand, exploits file system vulnerabilities to access restricted files on the server; it does not depend on a user submitting a request the way CSRF does.
