XSS vs CSRF

XSS stands for Cross-site scripting.

CSRF stands for Cross-site request forgery.

 

Basically, in case of that, a user trusts a website which has vulnerabilities and an attacker injects a script into the trusted website. Upon executing the attacker's script this is called by XSS.

 

On the other hand, in case of that, a website trusts the user and attacker induce the user to perform an action which is not the user's intention. Upon executing the user's request this is called by CSRF.