What type of attack involves a malicious script being inserted directly into a vulnerable web application?

The attack that involves a malicious script being inserted directly into a vulnerable web application is classified as Stored XSS (Cross-Site Scripting). In this type of attack, the attacker is able to inject a script into the application's data storage, which is then retrieved and executed by the web browser of any user who accesses the affected web page.

The reason why this is particularly dangerous is that the malicious script is stored on the server and can affect any user who interacts with the web application. This persistent presence of the script makes it possible for attackers to exploit all users visiting the site, as they would all execute the script unknowingly.

Stored XSS can lead to various security issues, including session hijacking, redirecting users to malicious sites, or stealing user credentials, making it a critical vulnerability that web applications must defend against.

In contrast, other options such as Reflected XSS, CSRF, and Directory Traversal do not involve the persistent storage of malicious scripts within the application's data storage in the same manner as Stored XSS.