"Site tasks are usually linked to specific urls (Example:
http://site/stocks?buy=100&stock=ebay) allowing specific
actions to be performed when requested. If a user is logged into
the site and an attacker tricks their browser into making a request
to one of these task urls, then the task is performed and logged as
the logged in user. Typically you'll use Cross Site Scripting to
specific 'task url' which gets executed without the users
knowledge. These sorts of attacks are fairly difficult to detect
potentially leaving a user debating with the website/company as to
whether or not the stocks bought the day before we initiated by the
user after the price plummeted."
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.