XSS, SQLI, CSRF, WTF?
XSS and SQL injection are now widely known, but many people are not aware of CSRF (cross-site request forgery) security holes in their web apps.
Unless somebody tells you or you read about it, you usually don't think of that possibility. I'll try to provide a short example and some first-aid fixes, and point to generic solutions.