Actions

Support #3114

open

CORS Misconfiguration - Any Attacker Origin Reflected with Credentials

Added by Veng Liza 20 days ago. Updated 14 days ago.

Status:
Completed
Priority:
Normal
Assignee:
Start date:
06/24/2026
Due date:
06/24/2026 (20 days late)
% Done:

100%

Estimated time:
Tester:
Testing Percentages:
0%

Description

The application is vulnerable to a Cross-Origin Resource Sharing (CORS) misconfiguration. The server reflects arbitrary attacker-controlled origins in the Access-Control-Allow-Origin header while also allowing credentials via Access-Control-Allow-Credentials: true.


Related issues 2 (2 open0 closed)

Copied from Support #3109: Improper Error Handling CompletedVeng Liza06/24/202606/24/2026

Actions
Copied to Support #3143: Clickjacking Vulnerability CompletedVeng Liza06/30/202606/30/2026

Actions
Actions

Also available in: Atom PDF