Client-side attacks trick victims into taking actions without their consent. Cross-site request forgery (CSRF) is an example attack where a victim is tricked into submitting a request to a vulnerable website, such as transferring funds to an attacker's account. An attacker found a CSRF vulnerability that allowed forcing a victim to send money with a simple click on a malicious website. Cross-origin resource sharing (CORS) misconfigurations can also be exploited to read a victim's personal details by tricking them into visiting a malicious site that requests those details from a vulnerable website.