
CSRF (Cross-Site Request Forgery)
Cross-Site Request Forgery (CSRF) is a security vulnerability that allows an attacker to trick a user into unknowingly submitting a harmful request to a website where that user is authenticated. For example, if you are logged into your bank account and visit a malicious website, that site could make an unauthorized transaction on your behalf without your knowledge. CSRF exploits the trust that a web application has in the user's browser: the browser attaches the user's session credentials to the request automatically, so the application cannot tell the forged request from a genuine one. This can lead to data theft or loss. To protect against CSRF, websites often use tokens or require re-authentication for sensitive actions.
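
The token defense mentioned above, as an added example that is not part of the original page: the server issues a token bound to the session with an HMAC and rejects any state-changing request that does not carry it. The names `SERVER_KEY`, `MAX_AGE_SECONDS`, `issue_token`, `verify_token` and `handle_transfer` are hypothetical, and session IDs are assumed to be server-generated and free of the `|` character.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumption: a per-deployment secret kept server-side; generated here for the demo.
SERVER_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 3600  # assumed token lifetime


def _sign(session_id: str, issued_at: int, nonce: str) -> str:
    msg = f"{session_id}|{issued_at}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, now: Optional[int] = None) -> str:
    """Return a token to embed in a hidden form field or custom header."""
    issued_at = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return f"{issued_at}.{nonce}.{_sign(session_id, issued_at, nonce)}"


def verify_token(session_id: str, token: Optional[str], now: Optional[int] = None) -> bool:
    """Accept a request only if its token was issued for this session and is fresh."""
    if not token:
        return False  # another site cannot read the token, so a forged request has none
    parts = token.split(".")
    if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
        return False
    issued_at, nonce, sig = int(parts[0]), parts[1], parts[2]
    now = int(time.time()) if now is None else now
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False  # expired, or timestamped in the future
    expected = _sign(session_id, issued_at, nonce)
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    return hmac.compare_digest(expected.encode(), sig.encode())


def handle_transfer(session_id: str, form: dict) -> str:
    """Hypothetical state-changing endpoint: the session cookie alone is not enough."""
    if not verify_token(session_id, form.get("csrf_token")):
        return "403 Forbidden"
    return "200 OK"
```

The token must be delivered in the page body or a custom header rather than in a cookie alone, since cookies are exactly what the browser sends automatically.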