CSRF (Cross-Site Request Forgery)
* Exploits: User's trust in the website
* Goal: Trick the user's browser into sending unintended requests to the website
* Requires: Active user session
* Impact: Limited to actions the user can perform
* Example: Transferring funds, changing passwords
XSS (Cross-Site Scripting)
* Exploits: Vulnerabilities in how the website handles user input
* Goal: Inject malicious scripts into web pages
* Requires: No active user session needed
* Impact: Stealing user information, hijacking sessions
* Example: Stealing cookies, redirecting users to malicious sites