What type of attack occurs when a user unknowingly clicks a link that reflects a malicious script back to their browser?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The type of attack where a user inadvertently clicks a link that returns a malicious script to their browser is known as reflected XSS, or reflected cross-site scripting. This attack occurs when the malicious script is embedded in a URL and, upon being accessed by the user, is reflected back to them by the web server in response to their request.

In this scenario, the script is not stored on the server; instead, the server generates the response on the fly, typically from user input that is not properly sanitized. When the user clicks on the malicious link, the script can execute within the context of their browser session, potentially leading to theft of session cookies, credentials, or other sensitive information.

Understanding the nature of reflected XSS is critical for recognizing its implications for web security, especially since it can be initiated by seemingly legitimate links shared via email or social media, making it a common vector for exploits. This highlights the importance of input validation and output encoding in web applications to defend against such vulnerabilities.
