After visiting a website, a user receives an email thanking them for a purchase which they did not request.
Upon investigation the security administrator sees the following source code in a pop-up window:
<HTML>
<body onload="document.getElementByID('badForm').submit()"> <form id="badForm"
action="shoppingsite.company.com/purchase.php" method="post" <input name="Perform Purchase"
value="Perform Purchase" /> </form></body></HTML>
Which of the following has MOST likely occurred?
A. SQL injection
B. Cookie stealing
C. XSRF
D. XSS
Answer: C