During incident classification, cross-site scripting attacks can be classified as which type of attack?

During incident classification, cross-site scripting (XSS) attacks are typically classified as Web attacks. This classification is due to the nature of XSS attacks, which involve injecting malicious scripts into web pages viewed by other users. These attacks exploit vulnerabilities in web applications, particularly those that do not properly sanitize user input. The classification as a web attack highlights the specific context and method of the attack, which is centered around web-based technology and interactions.