Difference between XSS and CSRF

1. XSS :
XSS is a computer security vulnerability found in web applications that enables cybercriminal to inject client-side scripts into web pages viewed by the users. The cybercriminal makes the victim’s browser execute a script (mostly written in JavaScript) that has injected by the attacker when visits a trusted website. The cybercriminal has several ways of injecting the JavaScript into a web site that the victim trusts. It does not need an authenticated session and can be exploited when the vulnerable website doesn’t do the basics of validating or escaping input.

2. CSRF :
Cross Site Request Forgery is one of the most severe computer security vulnerabilities that can be exploited in various ways from changing user’s information without his knowledge to gaining full access to user’s account. The cybercriminal tries to force/trick you into making a request which you did not intend, making use of the existing victim’s context, such as cookies. Every single time you interact with website, its server checks the cookie you send with the request so it knows it’s you.

Difference between XSS and CSRF :

1. XSS stands for Cross-Site Scripting. CSRF stands for Cross-Site Request Forgery.
2. The cybercriminal injects a malicious client side script in a website. The script is added to cause some form of vulnerability to a victim. The malicious attack is created in such a way that a user sends malicious requests to the target website without having knowledge of the attack.
3. In this, injection of arbitrary data by data that is not validated. It depends on the functionality and features of the browser to retrieve and execute the attack bundle.
4. It has a requirement of JavaScript. It does not has requirement of JavaScript.
5. The site accepts the malicious code. The malicious code is stored in third party sites.
6. The site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks. The site that is completely protected from XSS attack types is still vulnerable to CSRF attacks.
7. XSS is more harmful as compared. CSRF is less harmful as compared.
8. Using XSS vulnerability the attacker can do anything he/she wants. Using CSRF vulnerability the attacker can do only what the vulnerable urls do.​

Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.