Blog | G5 Cyber Security

Cross-Site Request Forgery Prevention

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site when the user is authenticated. CSRF attacks are used by an attacker to make a target system perform a function via the victim’s browser, without the victim’s knowledge, at least until the unauthorized transaction has been committed. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application and privileges of the user.

Source: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
