Cross-Site Request Forgery (CSRF) vulnerabilities remediation usually rely on the usage of CSRF tokens which are sensitive and unpredictable values shared between the web application sever and the clients. When performing sensitive or privileged actions (like submitting some forms for example), CSRF tokens are sent in the HTTP client request and validated by the server. Some web applications may fail to properly validate the CSRF tokens, leaving them still vulnerable to Cross-Site Request Forgery (CSRF) attacks.

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL servers often allow other `Content-Type` header values than `application/json`, and GET based requests for both queries and mutations. By leveraging this, an attacker could achieve a Cross-Site Request Forgery (CSRF) attack and make an authenticated user perform arbitrary actions on the target GraphQL endpoint.

Cross Site Request Forgery (CSRF) occurs when an user is tricked into clicking on a link which would automatically submit a request without the user's consent.

This can be made possible when the request does not include an anti-CSRF token, generated each time the request is visited and passed when the request is submitted, and which can be used by the web application backend to verify that the request originates from a legitimate user.

Exploiting requests vulnerable to Cross-Site Request Forgery requires different factors:

- The request must perform a sensitive action.

- The attacker must make the victim click on a link to send the request without their consent.

The exploitation of this vulnerability will in most cases have a very limited impact. However, it is possible to create complex scenarios in case the application is also vulnerable to Cross-Site Scripting.

Cross Site Request Forgery (CSRF) occurs when an authenticated user is tricked into clicking on a link which would automatically submit a request without the user's consent.

This can be made possible when the request does not include an anti-CSRF token, generated each time the request is visited and passed when the request is submitted, and which can be used by the web application backend to verify that the request originates from a legitimate user.

Exploiting requests vulnerable to Cross-Site Request Forgery requires different factors:

- The request must perform a sensitive action.

- The victim must have an active session.

- The attacker must make the victim click on a link to send the request without their consent.

Scanner detected a request, available only to authenticated users, where all parameters within are known or predictable. The request may therefore be vulnerable to CSRF attacks.

Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.

ID	Name	Severity
113900	Cross-Site Request Forgery Token Validation Bypass	medium
112920	GraphQL Cross-Site Request Forgery	medium
113332	Login Form Cross-Site Request Forgery	low
98112	Cross-Site Request Forgery	medium

Detections

Analytics

Cross Site Request Forgery Family for Web App Scanning

medium

medium

low

medium