The root cause of a successful cross site request forgery (XSRF) attack against an application is that the
vulnerable application:

A.
uses multiple redirects for completing a data commit transaction.

B.
has implemented cookies as the sole authentication mechanism.

C.
has been installed with a non-legitimate license key.

D.
is hosted on a server along with other applications.

Explanation:

XSRF exploits inadequate authentication mechanisms in web applications that rely only on elements such as cookies when performing a transaction. XSRF is related to an authentication mechanism, not to redirection.
Option C is related to intellectual property rights, not to XSRF vulnerability. Merely hosting multiple applications on the same server is not the root cause of this vulnerability.