A web developer has contacted you concerning some suspicious activity reported by users on the corporate intranet site. The users have experienced unexpected behavior where their session tokens are being sent to an unknown external URL while they are logged into the intranet. What type of vulnerability is most likely being exploited in this scenario?
Open permissions vulnerability
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
SQL injection