Actions
Support #3114
openCORS Misconfiguration - Any Attacker Origin Reflected with Credentials
Start date:
06/24/2026
Due date:
06/24/2026 (20 days late)
% Done:
100%
Estimated time:
Tester:
Testing Percentages:
0%
Description
The application is vulnerable to a Cross-Origin Resource Sharing (CORS) misconfiguration. The server reflects arbitrary attacker-controlled origins in the Access-Control-Allow-Origin header while also allowing credentials via Access-Control-Allow-Credentials: true.
Updated by Veng Liza 20 days ago
- Copied from Support #3109: Improper Error Handling added
Updated by Veng Liza 14 days ago
- Copied to Support #3143: Clickjacking Vulnerability added
Actions