XSS(Cross Site Scripting) and XSRF(Cross Site Request Forgery) are two most biggest security issues in the web industry. Both are Javascript attacks and it can be very serious attacks.

XSRF reference : https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
It uses the authentification of the and attacks to change the states not to steal the data, since the response cannot be received to the forged request. It tricks the users to state changing requests like transferring funds and change email address. It can request forge get method or post method. For