Cross-Site Request Forgery (CSRF)

This occurs when an attacker submits forms to the web application in the context of another authenticated user. For example, a hacker may direct a user to a malicious URL that automatically submits a form to the web application from the user’s browser. If the affected user is currently logged in to the application, the hacker can execute any action on their behalf.