a:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"GPEN Exam - Question 38\",\"text\":\"Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?\",\"answerCount\":1,\"datePublished\":\"2024-09-04T10:55:00.000Z\",\"author\":{\"@type\":\"Organization\",\"name\":\"GIAC\"},\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"\",\"datePublished\":\"2024-09-04T10:55:00.000Z\",\"upvoteCount\":1,\"author\":{\"@type\":\"Organization\",\"name\":\"Examice\"},\"url\":\"https://examice.com/forum/giac/WXDzXH0bnz\"},\"suggestedAnswer\":[{\"@type\":\"Answer\",\"text\":\"These kinds of questions are not asked in the current exam. Please update the question book as soon as possible.\",\"datePublished\":\"2024-09-04T10:55:00.000Z\",\"upvoteCount\":1,\"url\":\"https://examice.com/forum/giac/WXDzXH0bnz/#z5a5ebTTK9\",\"author\":{\"@type\":\"Person\",\"name\":\"Anonymous\"}}]}}"}}],["$","div",null,{"className":"min-h-[calc(100vh_-_156px)] sm:min-h-[calc(100vh_-_166px)] flex w-full flex-col items-center bg-muted/60 sm:px-6","children":["$","div",null,{"className":"w-full max-w-[1110px] space-y-8 py-8 lg:space-y-10 lg:py-10","children":[["$","section","WXDzXH0bnz",{"className":"mx-auto space-y-8 rounded bg-white px-6 py-10 shadow-sm md:py-12","children":[["$","div",null,{"className":"group relative mx-auto max-w-[740px] overflow-hidden rounded-xl border-l-8 border-brand-active bg-gradient-to-br from-brand via-brand/95 to-brand/90 p-6 shadow-lg transition-all hover:shadow-xl","children":[["$","div",null,{"className":"absolute -right-12 -top-12 size-40 rounded-full bg-white/10 blur-3xl transition-all duration-700 group-hover:scale-125 group-hover:opacity-80"}],["$","div",null,{"className":"absolute -bottom-8 -left-8 size-24 rounded-full bg-white/5 blur-2xl transition-all duration-700 group-hover:scale-110"}],["$","div",null,{"className":"absolute left-1/2 top-1/2 size-60 -translate-x-1/2 -translate-y-1/2 rounded-full bg-white/5 opacity-0 blur-3xl transition-all duration-700 group-hover:opacity-60"}],["$","div",null,{"className":"relative flex flex-col items-center justify-between gap-6 md:flex-row","children":[["$","div",null,{"className":"flex items-center gap-x-5","children":[["$","div",null,{"className":"hidden rounded-full bg-white/15 p-3.5 shadow-inner backdrop-blur-sm transition-all duration-300 group-hover:scale-110 group-hover:bg-white/20 md:flex","children":["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"size-6 text-white transition-transform group-hover:rotate-3","children":["$","path",null,{"d":"M3 2.5C3 2.22386 3.22386 2 3.5 2H9.08579C9.21839 2 9.34557 2.05268 9.43934 2.14645L11.8536 4.56066C11.9473 4.65443 12 4.78161 12 4.91421V12.5C12 12.7761 11.7761 13 11.5 13H3.5C3.22386 13 3 12.7761 3 12.5V2.5ZM3.5 1C2.67157 1 2 1.67157 2 2.5V12.5C2 13.3284 2.67157 14 3.5 14H11.5C12.3284 14 13 13.3284 13 12.5V4.91421C13 4.51639 12.842 4.13486 12.5607 3.85355L10.1464 1.43934C9.86514 1.15804 9.48361 1 9.08579 1H3.5ZM4.5 4C4.22386 4 4 4.22386 4 4.5C4 4.77614 4.22386 5 4.5 5H7.5C7.77614 5 8 4.77614 8 4.5C8 4.22386 7.77614 4 7.5 4H4.5ZM4.5 7C4.22386 7 4 7.22386 4 7.5C4 7.77614 4.22386 8 4.5 8H10.5C10.7761 8 11 7.77614 11 7.5C11 7.22386 10.7761 7 10.5 7H4.5ZM4.5 10C4.22386 10 4 10.2239 4 10.5C4 10.7761 4.22386 11 4.5 11H10.5C10.7761 11 11 10.7761 11 10.5C11 10.2239 10.7761 10 10.5 10H4.5Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-center font-heading text-xl font-medium tracking-tight text-white md:text-left","children":["GPEN"," Exam Questions"]}],["$","span",null,{"className":"mt-1.5 text-center text-sm text-white/90 md:text-left","children":"Browse all questions from this exam"}]]}]]}],["$","div",null,{"className":"flex items-center","children":["$","$L19",null,{"href":"/exams/giac/gpen","className":"inline-flex items-center font-medium justify-center whitespace-nowrap text-sm focus-visible:outline-none focus-visible:ring-1 focus-visible:ring-ring disabled:pointer-events-none disabled:opacity-50 text-white active:bg-brand-active h-9 bg-brand-active hover:bg-white hover:text-brand-active transition-all duration-300 px-8 py-3 rounded-full shadow-md hover:shadow-lg","children":[["$","span",null,{"className":"font-medium","children":"Go to Exam"}],["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"ml-2 size-4 transition-transform duration-300","children":["$","path",null,{"d":"M6.1584 3.13508C6.35985 2.94621 6.67627 2.95642 6.86514 3.15788L10.6151 7.15788C10.7954 7.3502 10.7954 7.64949 10.6151 7.84182L6.86514 11.8418C6.67627 12.0433 6.35985 12.0535 6.1584 11.8646C5.95694 11.6757 5.94673 11.3593 6.1356 11.1579L9.565 7.49985L6.1356 3.84182C5.94673 3.64036 5.95694 3.32394 6.1584 3.13508Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}]]}]}]]}]]}],["$","div",null,{"className":"mx-auto max-w-[740px] space-y-8","children":[["$","h1",null,{"className":"font-heading text-2xl font-bold text-stone-800","children":"GPEN Exam - Question 38"}],["$","hr",null,{"className":"border-stone-200"}],["$","article",null,{"className":"prose prose-sm prose-stone max-w-full md:prose-base","dangerouslySetInnerHTML":{"__html":"

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

"}}]]}],[["$","fieldset",null,{"className":"prose prose-sm prose-stone mx-auto max-w-[740px] space-y-4 rounded bg-muted/60 p-4 md:prose-base","children":[["$","label","yeHj89PXWu",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-0","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-0","name":"option-0","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["A","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Stored XSS. because it may be located anywhere within static or dynamic sitecontent

"}}]]}],["$","label","LDea8zrfPC",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-1","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-1","name":"option-1","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["B","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Stored XSS. because it depends on emails and instant messaging systems.

"}}]]}],["$","label","fum0rnneri",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-2","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-2","name":"option-2","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["C","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Reflected XSS. because It can only be found by analyzing web server responses.

"}}]]}],["$","label","bGWjCnqXSP",{"className":"flex items-start gap-1.5 md:gap-2 p-4 rounded transition-all duration-300 cursor-pointer bg-white focus:bg-muted/50 focus:outline-none focus:ring-2 focus:ring-brand/40 has-[:checked]:bg-blue-100","htmlFor":"option-3","children":[["$","div",null,{"className":"flex items-center","children":[["$","input",null,{"type":"checkbox","id":"option-3","name":"option-3","className":"rounded-full size-3 md:size-3.5 transition-colors duration-300 appearance-none border border-gray-300 checked:bg-brand checked:border-brand focus:outline-none focus:ring-2 focus:ring-brand/40"}],["$","span",null,{"className":"ml-1.5 font-semibold md:ml-2.5","children":["D","."]}]]}],["$","div",null,{"className":"prose prose-sm prose-stone md:prose-base","dangerouslySetInnerHTML":{"__html":"

Reflected XSS: because it is difficult to find within large web server logs.

"}}]]}]]}],["$","div",null,{"className":"mx-auto max-w-[740px]","children":["$","details",null,{"className":"group","children":[["$","summary",null,{"className":"flex h-10 w-fit cursor-pointer items-center justify-center gap-2 rounded-full bg-brand px-8 font-heading text-sm font-medium text-white hover:bg-brand/90","children":[["$","span",null,{"className":"group-open:hidden","children":"Show Answer"}],["$","span",null,{"className":"hidden group-open:inline","children":"Hide Answer"}]]}],["$","div",null,{"className":"prose prose-sm prose-stone mx-auto mt-4 max-w-[740px] overflow-hidden pb-6 pt-2 md:prose-base","children":[["$","span",null,{"className":"font-medium","children":"Correct Answer: "}],["$","p",null,{"children":""}]]}]]}]}]]]}],["$","section",null,{"className":"mx-auto space-y-6 rounded-xl border border-stone-100/80 bg-white px-5 py-8 shadow-sm backdrop-blur-sm backdrop-saturate-150 transition-all md:px-8 md:py-10","children":["$","div",null,{"className":"mx-auto max-w-[740px] space-y-6","children":[["$","div",null,{"className":"mb-6 flex items-center gap-3 border-b pb-4","children":[["$","svg",null,{"width":"15","height":"15","viewBox":"0 0 15 15","fill":"none","xmlns":"http://www.w3.org/2000/svg","className":"size-5 text-indigo-500","children":["$","path",null,{"d":"M12.5 3L2.5 3.00002C1.67157 3.00002 1 3.6716 1 4.50002V9.50003C1 10.3285 1.67157 11 2.5 11H7.50003C7.63264 11 7.75982 11.0527 7.85358 11.1465L10 13.2929V11.5C10 11.2239 10.2239 11 10.5 11H12.5C13.3284 11 14 10.3285 14 9.50003V4.5C14 3.67157 13.3284 3 12.5 3ZM2.49999 2.00002L12.5 2C13.8807 2 15 3.11929 15 4.5V9.50003C15 10.8807 13.8807 12 12.5 12H11V14.5C11 14.7022 10.8782 14.8845 10.6913 14.9619C10.5045 15.0393 10.2894 14.9965 10.1464 14.8536L7.29292 12H2.5C1.11929 12 0 10.8807 0 9.50003V4.50002C0 3.11931 1.11928 2.00003 2.49999 2.00002Z","fill":"currentColor","fillRule":"evenodd","clipRule":"evenodd"}]}],["$","h2",null,{"className":"font-heading text-lg font-medium text-stone-700 md:text-xl","children":"Discussion"}],["$","span",null,{"className":"ml-auto rounded-full border border-indigo-100/60 bg-indigo-50/80 px-3 py-1 text-xs font-medium text-indigo-700 shadow-sm","children":[1," ","comment"]}]]}],["$","$L28",null,{"question":{"id":"WXDzXH0bnz","slot":38,"body":"

Which type of Cross-Sire Scripting (XSS> vulnerability is hardest for automated testing tools to detect, and for what reason?

","answer":null,"exam_id":"gpen","o_id":"146887-exam-gpen-topic-1-question-41-discussion","o_answer_long":"

","o_answer_short":"","o_sect":1,"o_slot":41,"is_published":true,"created_at":"$D2025-05-11T01:57:02.183Z","updated_at":"$D2025-05-12T11:49:29.949Z","last_comment_at":"$D2024-09-04T10:55:00.000Z","options":[{"id":"yeHj89PXWu","o_is_correct":true,"slot":0,"body":"

Stored XSS. because it may be located anywhere within static or dynamic sitecontent

","is_correct":null,"question_id":"WXDzXH0bnz","created_at":"$D2025-05-11T01:57:02.183Z","updated_at":"$D2025-05-11T01:57:02.183Z"},{"id":"LDea8zrfPC","o_is_correct":false,"slot":1,"body":"

Stored XSS. because it depends on emails and instant messaging systems.

","is_correct":null,"question_id":"WXDzXH0bnz","created_at":"$D2025-05-11T01:57:02.183Z","updated_at":"$D2025-05-11T01:57:02.183Z"},{"id":"fum0rnneri","o_is_correct":false,"slot":2,"body":"

Reflected XSS. because It can only be found by analyzing web server responses.

","is_correct":null,"question_id":"WXDzXH0bnz","created_at":"$D2025-05-11T01:57:02.183Z","updated_at":"$D2025-05-11T01:57:02.183Z"},{"id":"bGWjCnqXSP","o_is_correct":false,"slot":3,"body":"

Reflected XSS: because it is difficult to find within large web server logs.

","is_correct":null,"question_id":"WXDzXH0bnz","created_at":"$D2025-05-11T01:57:02.183Z","updated_at":"$D2025-05-11T01:57:02.183Z"}],"exam":{"code":"GPEN","id":"gpen","vendor_id":"giac"}},"session":null}],["$","div",null,{"className":"mt-8 space-y-8","children":[["$","div",null,{"className":"relative flex w-full","children":[false,["$","div",null,{"className":"flex flex-col w-full rounded-xl transition-colors duration-200","children":[["$","div",null,{"className":"relative flex items-center before:absolute before:left-[-5px] before:top-1/2 before:z-[15] before:size-[5px] before:-translate-y-1/2 before:bg-transparent","children":[["$","$L29",null,{"className":"relative z-20 size-9 overflow-hidden rounded-full bg-stone-100 ring-2 ring-stone-50 transition-all duration-200 hover:ring-indigo-50","children":["$","$L2a",null,{"src":"$2b","alt":"User avatar"}]}],["$","div",null,{"className":"flex flex-col items-start gap-1 pl-3","children":[["$","div",null,{"className":"flex items-center gap-x-2","children":[["$","span",null,{"className":"font-semibold text-stone-800","children":"Anonymous"}],""]}],["$","span",null,{"className":"text-xs text-stone-400","children":"Sep 4, 2024"}]]}]]}],["$","div",null,{"className":"relative","children":[["$","p",null,{"className":"prose prose-stone max-w-full whitespace-pre-line break-words py-3 text-[15px] leading-relaxed text-stone-600 [word-break:break-word]","children":"These kinds of questions are not asked in the current exam. Please update the question book as soon as possible."}],["$","$L2c",null,{"comment":{"id":"z5a5ebTTK9","body":"These kinds of questions are not asked in the current exam. Please update the question book as soon as possible.","created_at":"2024-09-04T10:55:00.000Z","parent_id":null,"user_id":"0jyGrfCO4q","user_name":null,"user_image":null,"options":[null],"upvotes":1,"upvoted":false,"children":[]},"session":null,"question":"$2d"}]]}],false]}]]}]]}]]}]}]]}]}]]