What type of vulnerability allows attackers to inject malicious scripts into content that users view in a browser?

Prepare for the EC-Council Certified Incident Handler Test with an interactive quiz. Study with flashcards, MCQs, hints, and explanations. Ace your test!

Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious scripts into web content that users view in their browsers. This occurs when an application accepts user input and sends it to other users without sufficiently validating or escaping it. As a result, when other users view this content, the malicious script executes within their browsers, potentially leading to various attacks such as cookie theft, session hijacking, or the dissemination of malware.

XSS is particularly concerning because it directly affects the end users of the web application, leading to a wide range of security issues and data breaches. The vulnerability can be categorized into different types, such as stored, reflected, and DOM-based XSS, each with its unique methods of exploitation but fundamentally sharing the common trait of script injection into user-accessible content.

Other options like command injection, session fixation, and credential stuffing pertain to different attack vectors and mechanisms, such as executing system commands, compromising user sessions without proper validation, or automating login attempts with stolen credentials, rather than the injection of scripts into web pages.
