Fix unresolved xref

Issue gh-13552

Author: marcusdacoregio

Diff for: docs/modules/ROOT/pages/servlet/exploits/csrf.adoc

@@ -114,7 +114,7 @@ The following is an overview of the aspects of CSRF protection that have changed
 The changes in Spring Security 6 require additional configuration for single-page applications, and as such you may find the <<csrf-integration-javascript-spa>> section particularly useful.
 ====
 
-See the xref:migration/servlet/exploits.adoc[Exploit Protection] section of the xref:migration/servlet/index.adoc[Migration] chapter for more information on migrating a Spring Security 5 application.
+See the https://docs.spring.io/spring-security/reference/5.8/migration/servlet/exploits.html[Exploit Protection] section of the https://docs.spring.io/spring-security/reference/5.8/migration/index.html[Migration] chapter for more information on migrating a Spring Security 5 application.
 
 [[csrf-token-repository]]
 == Persisting the `CsrfToken`
@@ -1609,4 +1609,4 @@ You can find more information in the https://docs.spring.io/spring/docs/current/
 [[csrf-further-reading]]
 == Further Reading
 
-Now that you have reviewed CSRF protection, consider learning more about xref:servlet/exploits/index.adoc[exploit protection] including xref:servlet/exploits/headers.adoc[secure headers] and the xref:servlet/exploits/firewall.adoc[HTTP firewall] or move on to learning how to xref:servlet/test/index.adoc[test] your application.
+Now that you have reviewed CSRF protection, consider learning more about xref:servlet/exploits/index.adoc[exploit protection] including xref:servlet/exploits/headers.adoc[secure headers] and the xref:servlet/exploits/firewall.adoc[HTTP firewall] or move on to learning how to xref:servlet/test/index.adoc[test] your application.