Cross-site request forgery (CSRF) allows an attacker to perform actions on a Web site on behalf of a victim. The flaw was found on the Web sites of The New York Times, ING Direct, Google’s YouTube and MetaFilter. CSRF flaws have largely been ignored by Web developers due to a lack of knowledge, academics say. On both sites, the CSRF problems have been fixed, the authors wrote. In one case, an attacker could transfer a victim’s money into their own account.”]
Source: https://www.csoonline.com/article/2123285/prominent-web-sites-found-to-have-serious-coding-flaw.html