CSRF vulnerability with no defenses
CSRF where token validation depends on request method
CSRF where token validation depends on token being present
CSRF where token is not tied to user session
CSRF where token is tied to non-session cookie
CSRF where token is duplicated in cookie
SameSite Lax bypass via method override
SameSite Strict bypass via client-side redirect
SameSite Strict bypass via sibling domain
SameSite Lax bypass via cookie refresh
CSRF where Referer validation depends on header being present
CSRF with broken Referer validation
Last updated 1 year ago
