Which of the following attacks can occur when a user is

Solution

CSRF is an attack where an authenticated user is tricked into performing actions on a website without their consent. The attacker typically sends a malicious link or embeds it in a third-party site, and when the user clicks it, their browser unknowingly sends authenticated requests to the targeted application. This can result in unauthorized transactions, account modifications, or data theft. CSRF exploits the trust that the application places in the user's browser, relying on the lack of proper anti-CSRF measures like tokens. For example, a user logged into their bank account could unknowingly approve a transfer initiated by an attacker. Why Other Options Are Incorrect :

1. SQL Injection : This involves injecting malicious queries into databases, unrelated to user actions.
2. Distributed Denial-of-Service (DDoS) : This overwhelms servers, making websites unavailable, but doesn’t involve tricking users.
3. Credential Stuffing : This uses leaked credentials to gain unauthorized access, unrelated to unintended user actions.
4. Buffer Overflow : This exploits memory allocation vulnerabilities, not user behavior.