$15.$ Web security

There are two types of attack on web access. One is called cross site request forgery $($CSRF$)$ and the other is called stored cross site scripting $($XSS$).$ The difference between CSRF and XSS is:

Group of answer choices

a$.$ In CSRF$,$ a hacker $($attacker$)$ takes advantage of a web server vulnerability to embed a script on the web server

b$.$ In XSS$,$ a hacker $($attacker$)$ takes advantage of a web server vulnerability to embed a script on the web server

c$.$ In CSRF$,$ when a browser visits a vulnerable website, it downloads and runs a script embedded on the web server by an attacker

d$.$ None of the above