Web Application Unidentified CSRF token.

This QID is reported whenever the CSRF tokens are not identified against the reported form during CSRF testing. CSRF tokens are used to prevent web forms being manipulated by Cross-Site Request forgery. If the CSRF token is identified during the scan it is a good indication that the form is protected against CSRF attacks. However please note that the absence or the presence of CSRF token solely is not sufficient for the form to be vulnerable or otherwise. The CSRF tokens are identified by analyzing the content of form fields.

We are unable to confirm the CSRF vulnerability. If the token is not present your form is likely vulnerable and could be exploited.

We recommend manual testing and adding CSRF preventive measures to make sure form is not vulnerable to CSRF.