Cross-Site Request Forgery (CSRF) is an attack that forces a victim's browser to send an HTTP request to a target site without the victim's knowledge or intent. Because the browser automatically attaches the victim's cookies and other ambient credentials to that request, the end user is made to execute unwanted actions in a web application to which they are currently authenticated.
There are numerous ways an end user can be tricked into loading information from, or submitting information to, a web application. With a little social engineering, an attacker can trick users into executing state-changing requests such as transferring funds or changing their email address. If the victim holds an administrative account, CSRF can compromise the entire web application.
Cross-Site Request Forgery exploits the trust that a website places in an authenticated user's browser. By contrast, Cross-Site Scripting (XSS) exploits the trust that a user has in a website.
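The following is an added example, not code from the original page: a small Python model of the scenario above. A bank-style "transfer" endpoint is shown twice, once trusting the session cookie alone (vulnerable) and once with a per-session synchronizer token and an Origin check (hardened). A tiny browser model captures the root cause: it attaches the bank's cookie to a POST aimed at the bank regardless of which site's page issued it. The origins `bank.example` and `evil.example`, the users, the balances and the `Request`/`Session` types are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical origins for the example; not from the original page.
BANK_ORIGIN = "https://bank.example"
EVIL_ORIGIN = "https://evil.example"


@dataclass
class Request:
    method: str
    origin: str     # value the browser would send in the Origin header
    cookies: dict   # cookies the browser attached for the bank's domain
    form: dict      # submitted form fields


@dataclass
class Session:
    user: str
    # Per-session synchronizer token; only pages served by the bank can read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


class Bank:
    """Tiny server model with a state-changing transfer endpoint."""

    def __init__(self):
        self.sessions = {}                       # session id -> Session
        self.balances = {"alice": 100, "mallory": 0}

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session(user)
        return sid                               # becomes the "sid" cookie

    def _authenticate(self, req):
        return self.sessions.get(req.cookies.get("sid"))

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def vulnerable_transfer(self, req):
        """Trusts the session cookie alone: whoever triggers the request wins."""
        sess = self._authenticate(req)
        if req.method != "POST" or sess is None:
            return 403
        self._move(sess.user, req.form["to"], int(req.form["amount"]))
        return 200

    def hardened_transfer(self, req):
        """Same endpoint with a synchronizer token and an Origin check."""
        sess = self._authenticate(req)
        if req.method != "POST" or sess is None:
            return 403
        if req.origin != BANK_ORIGIN:            # request was not issued by our pages
            return 403
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(supplied, sess.csrf_token):
            return 403
        self._move(sess.user, req.form["to"], int(req.form["amount"]))
        return 200


def browser_post(cookie_jar, page_origin, form):
    """Models the root cause: the browser attaches the bank's cookies to a POST
    aimed at the bank no matter which site's page issued it."""
    return Request("POST", page_origin, dict(cookie_jar), dict(form))


def run_scenario(handler_name):
    bank = Bank()
    jar = {"sid": bank.login("alice")}          # victim is logged in
    handler = getattr(bank, handler_name)

    # 1. Alice's own transfer from a bank page; the page embeds her token.
    token = bank.sessions[jar["sid"]].csrf_token
    legit = browser_post(jar, BANK_ORIGIN,
                         {"to": "mallory", "amount": "10", "csrf_token": token})
    legit_status = handler(legit)

    # 2. Alice visits evil.example, whose hidden form auto-submits to the bank.
    #    The attacker cannot read her token cross-origin, so it is absent.
    forged = browser_post(jar, EVIL_ORIGIN, {"to": "mallory", "amount": "50"})
    forged_status = handler(forged)

    return {"legit": legit_status, "forged": forged_status,
            "balances": dict(bank.balances)}


if __name__ == "__main__":
    for name in ("vulnerable_transfer", "hardened_transfer"):
        print(name, run_scenario(name))
```

Running it shows the vulnerable handler honouring both requests (Mallory ends with 60), while the hardened handler accepts Alice's own request and rejects the forged one with 403 (Mallory keeps 10). The token check uses `hmac.compare_digest` so that the comparison does not leak timing information; the Origin check is a cheap second layer because the attacker's page cannot set that header to the bank's value.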