A type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Also known as one-click attack or session riding.