
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
Without origin verification, the target website cannot distinguish between legitimate requests from its own pages and malicious requests from an attacker's site. The attacker can craft a malicious website or script that sends requests to a target website where the user is already authenticated.
This vulnerability class is not about a single specific user input or action, but rather a series of actions that lead to an insecure cross-origin communication.
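
A server-side origin check of the kind the description says is missing, as an added example (not part of the rule text or of SonarSource's code). It assumes the communication is an HTTP request carrying `Origin` or `Referer`; the allowlist, function names and sample header values are constructed for illustration.

```javascript
// Added example: exact-match origin verification for state-changing requests.
// ALLOWED_ORIGINS and all sample header values are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Reduce an Origin or Referer header value to its serialised origin
// (scheme://host[:port]). Absent, opaque ("null") or unparseable values give null.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const url = new URL(value);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    return url.origin;
  } catch {
    return null;
  }
}

// headers: object with lower-cased header names, as Node's http module provides.
function verifyRequestOrigin(method, headers, allowed = ALLOWED_ORIGINS) {
  if (SAFE_METHODS.has(method.toUpperCase())) return { ok: true, reason: "safe method" };
  // If Origin is present it is authoritative; Referer is only a fallback.
  const raw = headers["origin"] !== undefined ? headers["origin"] : headers["referer"];
  const source = normalizeOrigin(raw);
  if (source === null) return { ok: false, reason: "no verifiable origin" };
  // Compare whole origins. Prefix or substring tests would accept look-alike hosts.
  if (!allowed.has(source)) return { ok: false, reason: "origin not allowed: " + source };
  return { ok: true, reason: "origin allowed" };
}

// Constructed requests covering the cases the check has to tell apart.
const SAMPLES = [
  ["POST", { origin: "https://app.example.com" }],
  ["POST", { origin: "https://app.example.com.attacker.test" }],
  ["POST", { origin: "http://app.example.com" }],
  ["POST", { origin: "null" }],
  ["POST", { referer: "https://app.example.com/settings?tab=1" }],
  ["POST", {}],
  ["GET", { origin: "https://other.test" }],
];
for (const [method, headers] of SAMPLES) {
  const { ok, reason } = verifyRequestOrigin(method, headers);
  console.log(method, JSON.stringify(headers), ok ? "ALLOW" : "DENY", reason);
}
```

Safe methods pass here only on the assumption that they never change state on the server.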