"CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated." - OWASP "Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites." - OWASP