When I scan our application its reported multiple CSRF issues even the application has CSRF token & its validating the token.
I am unsure of the exact scenario of the CSRF vulnerability being reported or the specific configuration of the web application. However, if we can use an alternate cookie, or token or lack thereof to make a request, it sounds as if it may be a valid CSRF vulnerability. Here is our take on CSRF The specified item was not found. Each request must contain the unique token. My suggestion is that if you believe this is truly a false positive finding, please open a support ticket and include the scan report so we can investigate. Some additional reading that also may assist can be found here Cross-Site Request Forgery (CSRF) - OWASP and here Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet - OWASP .
Retrieving data ...