Definition Edit

Cross site request forgery is

a type of malicious exploit where an attacker gains access to and executes unauthorized commands on a target web application (e.g., web interface for a network device or web email client) via the browser of an already authenticated user. The attack is accomplished by tricking a validated user who has logged in and has a session cookie stored in the browser into opening an email message or visiting a webpage with imbedded malicious content.[1]

References Edit

  1. Privacy Technical Assistance Center, Cross Site Request Forgery (full-text).