There are several mentions of SQL injection and XSS in books and blogs alike, but not too much is seen about the lesser-known Cross-Site Request Forgery threats, which can be equally devastating. In short form, it is referred to as either XSRF or CSRF.
In a nutshell, once you have legitimately logged in to an application, an attacker can exploit your authenticated identity by causing your browser to send requests to the vulnerable web application, which will carry them out as though they came from you.
Attackers can take advantage of XSRF/CSRF easily because of how the web itself is designed to work: HTTP is stateless, so the browser attaches the session credentials (typically cookies) to every request bound for a site, regardless of which page triggered that request.
XSRF/CSRF is a form of confused deputy attack: the deputy (here the user's browser, acting with the user's legitimate authority) is tricked by some other entity into performing an action it is authorized to perform, with devastating results because the application honors that misused authority.
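The following is an added example, not code from the original page, showing the confused-deputy problem described above and the standard synchronizer-token defence against it. It is framework-free Python with a constructed in-memory session store: `transfer_vulnerable` trusts the session cookie alone, while `transfer_hardened` additionally requires a per-session CSRF token that the legitimate page embeds in its form but that a cross-site page cannot read. The request dictionaries, handler names and the starting balance are all constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}


def login(user):
    """Create an authenticated session and return the cookie value (session id)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {
        "user": user,
        # Per-session token: only the legitimate page can embed it in its forms.
        "csrf_token": secrets.token_hex(16),
        "balance": 100,  # constructed starting balance
    }
    return sid


def csrf_token_for(sid):
    """Token the application renders into its own forms for this session."""
    return SESSIONS[sid]["csrf_token"]


def transfer_vulnerable(request):
    """State-changing handler that trusts the session cookie alone.

    The browser (the confused deputy) attaches the cookie to any request
    bound for the site, so a forged cross-site request is indistinguishable
    from a legitimate one here.
    """
    session = SESSIONS.get(request.get("cookie"))
    if session is None:
        return "401 not logged in"
    session["balance"] -= int(request["form"]["amount"])
    return "200 transferred"


def transfer_hardened(request):
    """Same handler with the synchronizer-token check added."""
    session = SESSIONS.get(request.get("cookie"))
    if session is None:
        return "401 not logged in"
    submitted = request["form"].get("csrf_token", "")
    # Constant-time comparison; an empty or guessed token fails the check.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 csrf token missing or invalid"
    session["balance"] -= int(request["form"]["amount"])
    return "200 transferred"


def forged_request(cookie):
    """Constructed model of a cross-site auto-submitted form.

    The victim's browser adds the cookie automatically, but the attacker's
    page has no way to learn the session's CSRF token, so none is sent.
    """
    return {"cookie": cookie, "form": {"amount": "50", "to": "attacker"}}


def legitimate_request(cookie):
    """Constructed model of the application's own form submission."""
    return {
        "cookie": cookie,
        "form": {"amount": "50", "to": "friend", "csrf_token": csrf_token_for(cookie)},
    }


def demo():
    """Run both handlers against forged and legitimate requests; return outcomes."""
    sid = login("alice")
    results = {}
    results["forged_vs_vulnerable"] = transfer_vulnerable(forged_request(sid))
    results["forged_vs_hardened"] = transfer_hardened(forged_request(sid))
    results["legit_vs_hardened"] = transfer_hardened(legitimate_request(sid))
    results["balance"] = SESSIONS[sid]["balance"]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running `demo()` shows the vulnerable handler honouring the forged transfer while the hardened handler rejects it and still accepts the legitimate submission. The token works because it is bound to the session and never exposed to other origins; in a real deployment it is complemented by `SameSite` cookie attributes and by keeping state-changing actions off GET requests.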