# XSS & CSRF

- [Tools](/documentation/web/cwee/xss-and-csrf/tools.md)
- [Cours](/documentation/web/cwee/xss-and-csrf/cours.md)
- [Introduction to Advanced CSRF & XSS Exploitation](/documentation/web/cwee/xss-and-csrf/cours/introduction-to-advanced-csrf-and-xss-exploitation.md)
- [Introduction to Advanced CSRF & XSS Exploitation](/documentation/web/cwee/xss-and-csrf/cours/introduction-to-advanced-csrf-and-xss-exploitation/introduction-to-advanced-csrf-and-xss-exploitation.md)
- [Lab warmup](/documentation/web/cwee/xss-and-csrf/cours/introduction-to-advanced-csrf-and-xss-exploitation/lab-warmup.md)
- [CSRF Exploitation](/documentation/web/cwee/xss-and-csrf/cours/csrf-exploitation.md)
- [Introduction to CSRF Exploitation](/documentation/web/cwee/xss-and-csrf/cours/csrf-exploitation/introduction-to-csrf-exploitation.md)
- [Same-Origin Policy & CORS](/documentation/web/cwee/xss-and-csrf/cours/csrf-exploitation/same-origin-policy-and-cors.md)
- [CORS Misconfigurations](/documentation/web/cwee/xss-and-csrf/cours/csrf-exploitation/cors-misconfigurations.md)
- [Bypassing CSRF Tokens via CORS Misconfigurations](/documentation/web/cwee/xss-and-csrf/cours/csrf-exploitation/bypassing-csrf-tokens-via-cors-misconfigurations.md)