/alerttags/owasp_2021_a10/ Recent content in OWASP_2021_A10 on ZAP Hugo en-us /docs/alerts/40103/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40103/ <p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.</p> /docs/alerts/40046/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40046/ <p>The web server receives a remote address and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.</p>