Cross-Site Request Forgery
Cross-Site Request Forgery tricks a logged-in user's browser into sending an unwanted request to a site where they are authenticated. Because the browser automatically attaches session cookies, the site treats the forged request as legitimate. Attackers can use this to change passwords, transfer funds, or modify settings, which is why sites use anti-CSRF tokens and same-site cookies.