CSRF 12

• CSRF with broken Referer validation 17/03/2025
• CSRF where Referer validation depends on header being present 16/03/2025
• SameSite Lax bypass via cookie refresh 16/03/2025
• SameSite Strict bypass via sibling domain 13/03/2025
• SameSite Strict bypass via client-side redirect 12/03/2025
• SameSite Lax bypass via method override 12/03/2025
• CSRF where token is duplicated in cookie 09/03/2025
• CSRF where token is tied to non-session cookie 09/03/2025
• CSRF where token is not tied to user session 07/03/2025
• CSRF where token validation depends on token being present 07/03/2025
• CSRF where token validation depends on request method 07/03/2025
• CSRF vulnerability with no defenses 07/03/2025