334 matches found
UBUNTU-CVE-2017-20146
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
CVE-2022-22757
CVE-2022-22757 concerns Mozilla Firefox and involves the Remote Agent used in WebDriver not validating the Host or Origin headers. This could allow a website to connect back locally to the user's browser to take control, specifically when WebDriver is enabled (not the default). Affected products ...
CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
DEBIAN-CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
CVE-2021-27786
Cross-origin resource sharing CORS enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An...
GHSA-73RX-3F9R-X949 Insufficient Verification of Data Authenticity in Apache Tomcat
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances...
CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that us...
CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that us...
Brave 信息泄露漏洞
Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave versions prior to 1.34 that stems from leaks.onion URLs appearing in the headers of Referer and Origin when using a private window with a Tor connection...
TikTok: CSRF protection bypass on TikTok Webcast Endpoints
Vulnerability description not provided...
UBUNTU-CVE-2022-22757
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.. This vulnerability affect...
PT-2021-8576 · Github.Com/Gorilla/Handlers +12 · Github.Com/Gorilla/Handlers +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns the usage of the CORS handler, which may apply improper CORS headers. This allows the requester to explicitly control the value of th...
The vulnerability of the Adobe Flash Player in the Google Chrome web browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Adobe Flash Player in the Google Chrome web browser exists due to incorrect processing of the HTTP Origin header. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing
Exploit Title: Taskcafé 0.1.0 and 0.1.1- Cross-Origin Resource Sharing Date: 2020- 09- 02 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://github.com/JordanKnott/ Software Link: https://github.com/JordanKnott/taskcafe Version: 0.1.0 and 0.1.1 Tested on: Kali Linux 2020.3 POC: The web...
CVE-2020-26527
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: ' header...
Acronis: Cross Origin Resource Sharing Misconfiguration
Description :- Cross-Origin Resource Sharing CORS is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. The CORS mechanism supports secure cross-origin requests and data transfers...
Cross-Site Request Forgery (CSRF)
@rails/ujs is vulnerable to cross-site request forgery CSRF. The same-origin header in XMLHttpRequest requests are not validated before including the CSRF token, potentially allowing remote attackers to submit requests on behalf of the user...
PT-2019-6678 · Red Hat · Jboss Application Server
Name of the Vulnerable Software and Affected Versions: JBoss Application Server versions prior to 7.1.0 Description: A CSRF issue was found in JBoss Application Server, where it did not properly restrict access to the management console information. This can be exploited via the...
WordPress 5.2.4 Cross Origin Resource Sharing
Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Date: 2019-10-28 Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-json POC: The web application fails to...