CVE-2025-55462

A CORS misconfiguration in Eramba Community and Enterprise Editions v3.26.0 allows an attacker-controlled Origin header to be reflected in the Access-Control-Allow-Origin response along with Access-Control-Allow-Credentials: true. This permits malicious third-party websites to perform authenticat...

CVE-2025-55462

Eramba Community/Enterprise Editions v3.26.0 are affected by a CORS misconfiguration that reflects an attacker-controlled Origin header in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true. This enables authenticated cross-origin requests from malicious sites to endpoints su...