What attack occurs when a malicious website tricks users into loading a URL from a site where they are already authenticated?

Prepare for the EC-Council CHFI Exam with comprehensive quizzes and detailed explanations. Get exam-ready with multiple choice questions and essential insights. Boost your confidence and ace the test!

The attack that occurs when a malicious website tricks users into loading a URL from a site where they are already authenticated is Cross-Site Request Forgery (XSRF). In this type of attack, the attacker exploits the trust that a web application has in the user's browser.

When a user is authenticated on a legitimate site, their session is usually maintained through a cookie stored in the browser. If the user unintentionally visits a malicious site, the attacker can craft a request that gets sent to the legitimate site. Because the request is made from the user's browser, which still holds the active session cookies for that site, it often includes those cookies. As a result, the legitimate server processes the request as if it had been made intentionally by the authenticated user.

XSRF can lead to unauthorized actions being taken on behalf of the user, such as transferring funds, changing account settings, or executing actions without the user's consent. This attack exploits the user's authenticated state without needing to steal their credentials.

The other options represent different types of attacks that do not fit the described scenario. For instance, Cross-Site Scripting (XSS) involves injecting malicious scripts into web pages viewed by other users but does not typically involve tricking a user's session
