In the context of application-based attacks, what does cross-site scripting (XSS) exploit?

Prepare for the Information Systems and Controls (ISC) CPA Exam. Study with flashcards and multiple-choice questions, each with hints and explanations. Get ready to excel!

Cross-site scripting (XSS) primarily exploits weaknesses in user input validation. In XSS attacks, malicious scripts are injected into trusted websites or applications, taking advantage of the way web browsers process and render content. When a user accesses the compromised site, the malicious script runs within the user's browser as if it were part of the legitimate content.

The underlying issue here is the failure to adequately validate or sanitize user inputs. If an application does not properly check input data for harmful scripts, it may inadvertently allow these scripts to execute. This can lead to various issues such as data theft, session hijacking, or redirecting users to malicious sites.

The other options relate to different aspects of security but do not directly connect with the core issue of XSS. Server-side script execution pertains more to server vulnerabilities than to user input. Data encryption policies deal with securing data in transit or at rest, while network security protocols focus on protecting data as it travels across networks. Each of these areas is critical for information security, but none specifically addresses the primary weakness that XSS exploits.
