Cross-Site Request Forgery (CSRF) is one of the most common attacks on websites and web applications. A CSRF attack occurs when a user inadvertently loads a webpage that contains a malicious request. This webpage sends a malicious request to a website or web application using the identity and privileges of the user to perform an undesired action, such as changing configurations or invoking a service.

A web application is vulnerable to CSRF attacks if the application performs actions based on inputs from authenticated users but does not require users to authorize specific actions. That is, if you are authenticated to a web application by a cookie stored in your web browser, you could unknowingly send a malicious HTTP or HTTPS request to the application.