JavaScript : Cross-site request forgery (CSRF)
Classification
OWASP Top 10 2013
OWASP Top 10 2021
CWE/SANS Top 25 2011
CWE/SANS Top 25 2021
Overview
Cross-site request forgery (CSRF) is possible. Each HTTP request must contain a secret parameter that is unique to the user.
For example, if the application uses session cookies and does not require explicit user confirmation of a request that does not change the state of the application, an attacker can execute illegitimate requests on behalf of the victim.
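One way to enforce the per-user secret parameter described above, shown as an added Node.js example that is not DerScanner's own code. The session object shape, the `csrf_token` form field, and the `x-csrf-token` header are assumptions made for illustration.

```javascript
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Methods treated as read-only and therefore exempt from the token check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Create the per-session secret; the server embeds it in every form it renders.
function issueCsrfToken(session) {
  session.csrfToken = randomBytes(32).toString('hex');
  return session.csrfToken;
}

// Return true only if the request may proceed.
function verifyCsrfToken(session, req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  const expected = session && session.csrfToken;
  // The token is read from a header or body field, never from a cookie,
  // because the browser attaches cookies to cross-site requests automatically.
  const supplied = req.headers['x-csrf-token'] || (req.body && req.body.csrf_token);
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed sample data: one logged-in session and four requests.
function demo() {
  const session = { userId: 'alice' };
  const token = issueCsrfToken(session);
  const legit = { method: 'POST', headers: {}, body: { csrf_token: token, amount: '10' } };
  // Cross-site form post: carries the session cookie but no token.
  const forged = { method: 'POST', headers: {}, body: { amount: '10' } };
  // Token of the right length but the wrong value.
  const guessed = { method: 'POST', headers: { 'x-csrf-token': '0'.repeat(64) }, body: {} };
  const read = { method: 'GET', headers: {}, body: null };
  return [legit, forged, guessed, read].map((r) => verifyCsrfToken(session, r));
}

console.log(demo()); // [ true, false, false, true ]
```
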
DerScanner Severity Score: LOW
