XSS = Cross-Site Scripting, CSRF = Cross-Site Request Forgery

XSS

XSS is a script injected into the web application of the (innocent) host by:

Inserting a script into the inputs of the website, such as a comment box, which will then be executed when users use the website.

Placing it in the URL of
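The comment-box case described above, as an added example that is not part of the original page: a stored comment rendered without output encoding, next to the encoded form. The function names and the sample comments are constructed for illustration, and the code runs under Node.js without a browser.

```javascript
// Added example: function names and comment data are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of an HTML text or attribute context.
function escapeHtml(text) {
  return String(text ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored input is concatenated into the markup unchanged.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: every user-controlled field is encoded at output time.
function renderCommentSafe(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Build the comment list with whichever renderer is passed in.
function renderPage(comments, render) {
  return `<ul>${comments.map((c) => render(c)).join('')}</ul>`;
}

// Names of the opening tags present in the markup, a rough proxy for
// the elements a browser would create when it parses the page.
function openingTags(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)\b[^>]*>/gi), (m) => m[1].toLowerCase());
}

// Constructed sample of what a comment store might hold.
const storedComments = [
  { author: 'alice', body: 'Nice post & thanks!' },
  { author: 'mallory', body: '<script>alert(1)</script>' },
];

const unsafePage = renderPage(storedComments, renderCommentUnsafe);
const safePage = renderPage(storedComments, renderCommentSafe);

console.log('unsafe tags:', openingTags(unsafePage)); // includes a script element
console.log('safe tags:  ', openingTags(safePage));   // only the template's own tags
console.log(safePage);
```

In the unsafe page the stored text becomes a `script` element served to every visitor; in the safe page the same text is displayed as literal characters.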