Correct option:
TRUE
Explanation:
JWT tokens are prone to theft through Cross-Site Scripting (XSS) attacks if they are not handled securely. XSS vulnerabilities occur when an attacker injects malicious scripts into web pages viewed by other users. If a JWT token is stored where client-side JavaScript can read it (such as in local storage or in a cookie without the HttpOnly flag), an attacker could potentially steal the token and use it for malicious purposes.
To mitigate this risk, it's important to:
- Use HttpOnly and Secure flags for cookies storing JWT tokens.
- Avoid storing JWT tokens in local storage.
- Ensure proper validation and sanitization of any user input to prevent XSS attacks.
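
As an added example (not part of the original answer), the following Node.js check audits `Set-Cookie` header values and flags cookies whose value is shaped like a JWT but lacks the HttpOnly or Secure flag. The function names and the sample cookies are constructed for illustration.

```javascript
// Added example: sample cookies below are constructed, not captured traffic.
const b64url = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url({ sub: 'demo' })}.c2ln`;

// True when the value has three base64url segments and the first decodes
// to a JSON object carrying an "alg" field (the JOSE header).
function looksLikeJwt(value) {
  const parts = value.split('.');
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]*$/.test(p))) return false;
  if (parts[0] === '' || parts[1] === '') return false;
  try {
    const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
    const header = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return header !== null && typeof header === 'object' && 'alg' in header;
  } catch {
    return false;
  }
}

// Parse one Set-Cookie header value and report missing flags for JWT cookies.
function auditSetCookie(headerValue) {
  const [pair, ...attrs] = headerValue.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 0) return { name: pair, isJwt: false, findings: [] };
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1).replace(/^"|"$/g, '');
  const flags = new Set(attrs.map((a) => a.split('=')[0].trim().toLowerCase()));
  const isJwt = looksLikeJwt(value);
  const findings = [];
  if (isJwt && !flags.has('httponly')) findings.push('missing HttpOnly: readable via document.cookie');
  if (isJwt && !flags.has('secure')) findings.push('missing Secure: may be sent over plain HTTP');
  return { name, isJwt, findings };
}

for (const h of [
  `session=${SAMPLE_JWT}; Path=/`,
  `session=${SAMPLE_JWT}; Path=/; HttpOnly; Secure; SameSite=Strict`,
  'theme=dark; Path=/',
]) {
  console.log(auditSetCookie(h));
}
```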