During a penetration test in a hypervisor, the security engineer is able to use a script to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications, where an attacker injects malicious scripts into trusted websites. This does not apply to the hypervisor context described in the question, as it relates to web environments rather than interactions between VMs and host systems.

A malicious update involves an attacker distributing harmful software through legitimate update mechanisms, compromising systems upon installation. This concept does not pertain to the injection of payloads within a hypervisor environment and lacks the specific context of accessing the host filesystem.

SQL injection is a technique where an attacker inserts or manipulates SQL queries to exploit vulnerabilities in database applications. This type of attack is unrelated to hypervisors and virtual machine environments and does not describe the situation where the host filesystem is accessed through a malicious payload.