Which of the following threats is most likely to be caused by poor input validation?

What happens when an application takes user inputted data and sends it to a web browser without proper validation and escaping?

An attack technique that forces a user’s session credential or session ID to an explicit value

What threat arises from not flagging HTTP cookies with tokens as secure?

How does malicious input flow in a DOM-based XSS?

Which attack can execute scripts in the user’s browser and is capable of hijacking user sessions, defacing websites or redirecting the user to malicious sites

What flaw can lead to exposure of resources or functionality to unintended actors?