An insurance company has developed a new web application to allow its customers to choose and apply for an insurance plan. You have been asked to help perform a security review of the new web application. You have discovered that the application was developed in ASP and used MSSQL for its backend database. You have been able to locate an application's search form and introduced the following code in the search input field:

$-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-$

IMG SRC$=$vbscript:msgbox$("$Vulnerable$\_$to$\_$Attack"$)$;$>$ originalAttribute$="$SRC$"$

originalPath$=$"vbscript:msgbox$("$Vulnerable$\_$to$\_$Attack $")$;$>"$

$-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-$

When you click submit on the search form, your web browser returns a pop$-$up window that displays Vulnerable$\_$to$\_$Attack. Which of the following vulnerabilities did you discover in the web application?

Cross$-$site request forgery

Command injection

Cross$-$site scripting $--$ This is the correct answer

SQL injection

Can you please provide an explanation as to why this answer is correct so I can be prepared on the CySA$+$ certification exam.