Which of the following threat types involves the sending of untrusted data to a user`s browser to be executed with their own credentials and access? 

Answer options:

A. Missing function level access control
B. Cross-site scripting
C. Cross-site request forgery
D. Injection

B

Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user`s browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user`s browser with the user`s own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user`s own computer that their browser has the ability to access.