Which statement best describes XSS Reflection vulnerability?

Multiple Choice

Explanation:
XSS Reflection (reflected XSS) happens when a web application takes user input and immediately includes it in the response without proper sanitization or output encoding. The attacker supplies payload data in a request (for example in a URL parameter or form field), the server reflects that input back into the page, and the victim's browser executes the injected script as part of the page. Because the script runs in the context of the victim's session, it can perform actions such as stealing cookies or issuing unauthorized requests on the victim's behalf.

This is why the statement describing it as allowing an attacker to inject malicious scripts into web pages viewed by other users best captures the essence of reflected XSS. It differs from stored XSS, where the payload is saved on the server and served to users later, and it is unrelated to cross-origin requests or encryption in transit, neither of which describes this reflection mechanism.

