Cross-site request forgery (CSRF) is a common web application vulnerability, in which an attacker/hacker fools the victim’s browser into generating requests to a website which performs specific actions on behalf of the logged in user or the victim.
The web server receiving the request and performs the desired actions of the request, which looks similar to the normal request that is generated by the users’ browser. CSRF vulnerabilities can change a lot in severity; good ones can modify settings or post on someone’s side, but critical ones can end with password change, account takeover, and so on.
