/alerttags/cwe-352/ Recent content in CWE-352 on ZAP Hugo en-us /docs/alerts/10202/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10202/ <p>No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> /docs/alerts/20012/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20012/ <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> /docs/alerts/40103/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40103/ <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> /docs/alerts/100005/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/100005/ /docs/alerts/90005-7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-7/ <p>Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.</p> /docs/alerts/90005-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-3/ <p>Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.</p> /docs/alerts/90005-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-6/ <p>Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.</p> /docs/alerts/90005-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-2/ <p>Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.</p> /docs/alerts/90005-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-5/ <p>Specifies the relationship between request initiator&rsquo;s origin and target&rsquo;s origin.</p> /docs/alerts/90005-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-1/ <p>Specifies the relationship between request initiator&rsquo;s origin and target&rsquo;s origin.</p> /docs/alerts/90005-8/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-8/ <p>Specifies if a navigation request was initiated by a user.</p> /docs/alerts/90005-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90005-4/ <p>Specifies if a navigation request was initiated by a user.</p>