Cross-Site Scripting (XSS) is a web application security vulnerability that allows attackers to inject malicious client-side scripts into trusted web pages. This makes option A the correct answer. XSS occurs when applications fail to properly validate, sanitize, or encode user input before displaying it to other users.
When an XSS vulnerability is exploited, the injected script runs in the victim’s browser within the security context of the vulnerable website. This can lead to session hijacking, cookie theft, credential harvesting, keylogging, or redirection to malicious websites. XSS is commonly categorized into stored XSS, reflected XSS, and DOM-based XSS, all of which ethical hackers test during web application assessments.
Option B is incorrect because cloned websites are typically associated with phishing attacks, not XSS vulnerabilities. Option C is incorrect because XSS is primarily a web-based vulnerability, not a mobile-specific issue involving balance or contact theft.
From a defensive perspective, understanding XSS is critical for implementing secure coding practices such as input validation, output encoding, Content Security Policy (CSP), and proper use of modern frameworks. Ethical hackers test for XSS to help organizations prevent client-side attacks and protect user data.
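The output encoding and CSP defenses named above, shown as an added example that is not part of the original explanation. The function names, the sample comment and the policy values are assumptions chosen for illustration.

```javascript
// Constructed sample input: a comment one user submits and other users view.
const SAMPLE_COMMENT = '<script>document.title="injected"</script>';

// Vulnerable pattern: user input is concatenated into HTML without encoding,
// so the browser parses the comment as markup in the site's own origin.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// Output encoding for HTML element content and quoted attribute values.
// Other contexts (inline JavaScript, URLs, CSS) need their own encoders.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: the same template, with the input encoded at output time.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Second layer: a Content-Security-Policy value that allows scripts only from
// the site's own origin, so an inline script that slips through is not run.
function cspHeader() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Simple check a reviewer or test can run on rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderCommentUnsafe(SAMPLE_COMMENT));
console.log('safe:  ', renderCommentSafe(SAMPLE_COMMENT));
console.log('Content-Security-Policy:', cspHeader());
```

The encoded output displays the comment as text instead of executing it, and the policy is sent as the `Content-Security-Policy` response header on every page.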