XSS vs CSRF


Similarities

Both are client-side attacks, and both need some form of user activity (e.g. clicking a link or visiting a website).

Unlike RFI or SQLi vulnerabilities, you’re attacking a user rather than the server.

Difference

In a cross-site request forgery attack, the attacker tries to force or trick you into making a request you did not intend. For example, they could send you a link that makes you involuntarily change your password. Such a malicious link could look like this:

<https://security.stackexchange.com/account?new_password=abc123>

In a cross-site scripting attack, the attacker makes you involuntarily execute client-side code, most likely JavaScript. A typical reflected XSS attempt could look like this:

https://security.stackexchange.com/search?q="><script>alert(document.cookie)</script>

The consequences of XSS vulnerabilities are generally more serious than for CSRF vulnerabilities:

  • CSRF often only applies to a subset of actions that a user is able to perform. Many applications implement CSRF defenses in general but overlook one or two actions that are left exposed. Conversely, a successful XSS exploit can normally induce a user to perform any action that the user is able to perform, regardless of the functionality in which the vulnerability arises.
  • CSRF can be described as a “one-way” vulnerability, in that while an attacker can induce the victim to issue an HTTP request, they cannot retrieve the response from that request. Conversely, XSS is “two-way”, in that the attacker’s injected script can issue arbitrary requests, read the responses, and exfiltrate data to an external domain of the attacker’s choosing.
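
The two example URLs above, seen from the server side, as an added sketch that is not taken from the referenced pages: the reflected search term with and without output encoding, and the password change with and without a CSRF token check. The handler names, the request shape and the token value are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers modelled on the two URLs above.
// The request shape (method/query/body/session) is an assumption.

// Encode the HTML-significant characters before reflecting input.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected-XSS sink: the search term is copied into the markup verbatim.
function renderSearchVulnerable(q) {
  return `<input name="q" value="${q}">`;
}

// Same page with output encoding: the term stays inside the attribute value.
function renderSearchEscaped(q) {
  return `<input name="q" value="${escapeHtml(q)}">`;
}

// Compare tokens without stopping at the first differing character.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// CSRF-prone: a state change on GET, authorised by the session cookie alone.
function changePasswordVulnerable(req) {
  return req.session.loggedIn === true && typeof (req.query || {}).new_password === 'string';
}

// Hardened: POST only, and the body must carry the per-session token,
// which a page on another origin cannot read and so cannot supply.
function changePasswordProtected(req) {
  const body = req.body || {};
  return req.session.loggedIn === true && req.method === 'POST'
    && typeof body.new_password === 'string'
    && sameToken(body.csrf_token, req.session.csrfToken);
}

// Constructed sample input: the page's XSS payload and a forged GET request.
const SESSION = { loggedIn: true, csrfToken: 'constructed-token-value' };
const PAYLOAD = '"><script>alert(document.cookie)</script>';
const FORGED_GET = { method: 'GET', query: { new_password: 'abc123' }, session: SESSION };

console.log(renderSearchEscaped(PAYLOAD));
console.log(changePasswordVulnerable(FORGED_GET), changePasswordProtected(FORGED_GET));
```

Each fix addresses only its own bug: encoding the search term does nothing about the forged request, and the token check does not stop markup reflected into the page.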

Reference

https://security.stackexchange.com/questions/138987/difference-between-xss-and-csrf

https://portswigger.net/web-security/csrf/xss-vs-csrf