During a web application pentest, you discover that user input is reflected in an HTML page without sanitization. Which attack type should you attempt first?
-
A
SQL Injection
-
B
Cross-Site Scripting (XSS)
-
C
Command Injection
-
D
XML External Entity (XXE)