A penetration tester notices that the X-Frame-Optjons header on a web application is not set.
Which of the following would a malicious actor do to exploit this configuration setting?
A . Use path modification to escape the application’s framework.
B . Create a frame that overlays the application.
C . Inject a malicious iframe containing JavaScript.
D . Pass an iframe attribute that is malicious.
Answer: C