🟢CSRF

Grammarly disclosed on HackerOne: Lack of CSRF header validation at...HackerOne

Logitech disclosed on HackerOne: One Click Account takeover using...HackerOne

U.S. Dept Of Defense disclosed on HackerOne: Account takeover...HackerOne

Reddit disclosed on HackerOne: CSRF (protection bypassed) to force...HackerOne

QIWI disclosed on HackerOne: Account takeover just through csrf in...HackerOne

Gratipay disclosed on HackerOne: CSRF csrftoken in cookiesHackerOne

drchrono disclosed on HackerOne: CSRF Add Album On onpatient.comHackerOne

Coinbase disclosed on HackerOne: CSRF bug on password changeHackerOne

Site Wide CSRF on GlassdoorWitCoat Security Blog