During an incident response, which type of attack is best described by a log entry indicating unauthorized script execution on a web page?

The indication of unauthorized script execution on a web page aligns with cross-site scripting (XSS) attacks. In an XSS attack, an attacker injects malicious scripts into content that is then delivered to users without proper validation or sanitation. This can lead to various types of harm, such as stealing session cookies, redirecting users to malicious sites, or displaying unwanted content.

When a log entry shows unauthorized script execution, it typically points towards the execution of scripts that were not intended by the web application, suggesting that an attacker has exploited a vulnerability to run their code within the context of legitimate users. Cross-site scripting specifically targets the user's browser environment, allowing the attacker to perform actions on behalf of the user without their knowledge.

The other attack types listed do not fit this scenario as precisely. SQL injection involves manipulating backend databases through improperly sanitized input, while pass-the-hash refers to an authentication exploit in which an attacker gains access using hash values instead of plaintext passwords. Directory traversal allows unauthorized file system access by manipulating URL paths, which does not pertain to script execution on a web page. Thus, cross-site scripting is the most appropriate classification for an attack characterized by unauthorized script execution.