
CSRF

Cross-Site Request Forgery (CSRF) is a security vulnerability in which an attacker tricks a logged-in user into executing actions on a trusted website without their knowledge or consent. It works by exploiting the user's authenticated session: the browser automatically attaches the session cookie to a request triggered from another site (often via a malicious link or email), so the trusted site cannot tell the forged request from a legitimate one. For example, if you are signed into your bank's website, a malicious site could cause your browser to send a request that transfers funds without your knowledge. To prevent CSRF, websites use anti-CSRF tokens or the SameSite cookie attribute, ensuring that state-changing requests were intentionally made by the user and not forged by a third party.
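The two defences named above, shown side by side with the vulnerable pattern, as an added example that is not part of the original page. The request model, the session store, the session id `sess-abc123` and the handler names are all constructed for illustration; the token scheme is a synchronizer token derived by HMAC from the session id, and the cookie header shows the SameSite attribute that keeps the browser from attaching the session cookie to cross-site requests in the first place.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict

# Server-side key used to derive per-session CSRF tokens (constructed: generated
# fresh at import; a real deployment loads it from a secret store).
SERVER_KEY = secrets.token_bytes(32)

# Constructed in-memory session store: session id -> account holder.
SESSIONS: Dict[str, str] = {"sess-abc123": "alice"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: cookies plus form fields."""
    cookies: Dict[str, str]
    form: Dict[str, str] = field(default_factory=dict)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session (synchronizer-token pattern via HMAC).
    The trusted site embeds it in its own forms; a third-party site has no way
    to read it, so a forged request cannot carry it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session. SameSite=Strict tells the browser not to
    attach this cookie to any request initiated from another site."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def transfer_unprotected(req: Request) -> str:
    """Vulnerable handler: the session cookie alone is taken as proof of intent."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    if user is None:
        return "401 not logged in"
    return f"200 transferred {req.form.get('amount')} from {user} to {req.form.get('to')}"


def transfer_protected(req: Request) -> str:
    """Hardened handler: the form must also carry the token derived from this session."""
    session_id = req.cookies.get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    submitted = req.form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the check does not leak the expected token via timing.
    if not hmac.compare_digest(submitted, expected):
        return "403 csrf token missing or invalid"
    return f"200 transferred {req.form.get('amount')} from {user} to {req.form.get('to')}"


def demo() -> Dict[str, str]:
    """Run both handlers against a forged and a legitimate request (constructed inputs)."""
    # Forged: the browser attached the victim's session cookie, but the cross-site page
    # that triggered the request could not include the token.
    forged = Request(cookies={"session": "sess-abc123"},
                     form={"to": "mallory", "amount": "1000"})
    # Legitimate: submitted from the trusted site's own form, which embedded the token.
    legit = Request(cookies={"session": "sess-abc123"},
                    form={"to": "bob", "amount": "50",
                          "csrf_token": issue_csrf_token("sess-abc123")})
    return {
        "forged_unprotected": transfer_unprotected(forged),
        "forged_protected": transfer_protected(forged),
        "legit_protected": transfer_protected(legit),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
    print(session_cookie_header("sess-abc123"))
```

The unprotected handler accepts the forged transfer because it cannot distinguish the two requests; the protected handler rejects it with 403 while still accepting the legitimate one. The two defences are complementary: the token check protects even when an older browser ignores SameSite, and SameSite=Strict blocks the forged request before the handler ever runs.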