
Question:

Amanda has noticed an attack against some of the users of her website that leverages URL parameters and cookies to make legitimate users perform unwanted actions. Which of the following types of attack has she MOST LIKELY found?

A. Cross-site request forgery.

Explanation:

Cross-site request forgery (XSRF or CSRF) takes advantage of the cookies and URL parameters legitimate sites use to help track and serve their visitors. In an XSRF or a CSRF attack, attackers leverage authorized, authenticated users’ rights by providing them with cookie or session data that will be read and processed when they visit the target site. An attacker may embed a link within an email or other location that will be clicked or executed by the user or an automated process with that user’s session already open. This is not SQL injection, which would attempt to send commands to a database, or LDAP injection, which gathers data from a directory server. Cross-site scripting (XSS) would embed code in user-submittable data fields that a website will display to other users, causing it to run.
