Tuesday, October 28, 2008

Cross Site Request Forgery attack CSRF

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim's browser into performing an undesired action on the victim's behalf. For example, this attack could result in a transfer of funds, a changed password, or the purchase of an item. For most websites, the browser automatically includes any credentials associated with the site when it performs these types of actions. If the victim is currently authenticated to the website, there is no way for the browser to distinguish between a valid action chosen by the user and a malicious action initiated by an attacker exploiting a CSRF vulnerability.
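As an added illustration (not part of the original post), the following Python sketch shows why the automatically attached cookie alone cannot tell the server which request the user intended, and how a per-session token plus an Origin header check lets the server reject the forged request while accepting the genuine one. The session store, site origin and both request contents are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed server-side state for this example: signing key, session store, own origin.
SECRET_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-abc123": "alice"}   # session cookie value -> logged-in user
SITE_ORIGIN = "https://bank.example"  # hypothetical origin of the protected site

def issue_csrf_token(session_id: str) -> str:
    """Per-session anti-CSRF token: an HMAC over the session id that a third-party
    page cannot compute (no SECRET_KEY) or read (same-origin policy)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_valid(session_id: str, submitted) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)

def handle_transfer(request: dict) -> tuple:
    """Simulated state-changing endpoint. `request` has 'cookies', 'headers' and
    'form' sub-dicts. Returns (HTTP status, message)."""
    session_id = request.get("cookies", {}).get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not authenticated"
    # Defence in depth: browsers send Origin on cross-site POSTs; refuse foreign ones.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, f"cross-site request from {origin} rejected"
    # Primary defence: the automatically attached cookie is not enough on its own;
    # the request must also carry the token that only the site's own form has.
    if not csrf_token_valid(session_id, request.get("form", {}).get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    form = request["form"]
    return 200, f"{user} transferred {form['amount']} to {form['to']}"

# Constructed requests; in both, the browser attached the victim's session cookie.
FORGED = {  # from a page on attacker.example, which cannot know the token
    "cookies": {"session": "sess-abc123"},
    "headers": {"Origin": "https://attacker.example"},
    "form": {"to": "mallory", "amount": "1000"},
}  # handle_transfer(FORGED) -> (403, 'cross-site request from https://attacker.example rejected')
LEGITIMATE = {  # from the site's own form, which embedded the token
    "cookies": {"session": "sess-abc123"},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"to": "bob", "amount": "50", "csrf_token": issue_csrf_token("sess-abc123")},
}  # handle_transfer(LEGITIMATE) -> (200, 'alice transferred 50 to bob')
```

A forged request that omits the Origin header (as some older clients do) still fails at the token check, which is why the token is the primary control and the Origin check only a second layer.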
