Which of the following open web application security threats occurs when suspicious data in an application is sent to the web browser without proper validation?

Cross-Site Scripting (XSS) is the correct answer as it pertains to the situation where a web application includes untrusted data in a web page sent to a user's browser without proper validation or escaping. This can allow attackers to execute arbitrary scripts in the context of the user's browser, potentially leading to data theft, session hijacking, or other malicious actions.

XSS vulnerabilities primarily occur when applications fail to sanitize input properly, allowing harmful scripts to be constructed and sent to the browser. Once executed, these scripts can manipulate the Document Object Model (DOM), alter the webpage content, or interact with the server on behalf of the user.

In contrast, the other options relate to different types of security issues. Security Misconfiguration occurs when security settings are not properly defined, which can lead to vulnerabilities, but it doesn't specifically involve unvalidated data being sent to the browser. Cross-Site Request Forgery (CSRF) exploits the trust between a user's browser and a web application to perform actions without the user's consent, but it doesn't focus on data injection or script execution in the browser. Injection vulnerabilities refer to a broader category of attacks where untrusted data is injected into a program, such as SQL injection, but these occur primarily on the server side rather