Сross-Site Request Forgery (CSRF) is possible.

Cross-Site Request Forgery (CSRF) attacks rank eighth on the OWASP Top 10 2013. CSRF is a type of attack that occurs when a malicious website, email or blog forces a user’s browser to perform an action on another site where the user is logged in.

Possible scenario of an attack:

The victim goes to a site created by the attacker, and a request is secretly sent on his behalf to another server (for example, a payment system server) that performs some kind of malicious operation (e.g., transferring money to the attacker’s account). In order to carry out this attack, the victim must be authenticated on the server to which the request is sent and the request must not require any confirmation from the user, which cannot be ignored or forged by the attacking script.

C-sharp : Cross-site request forgery (CSRF)

DerScanner Severity Score

Do you want to fix C-sharp : Cross-site request forgery (CSRF) in your application?

See also