18 matches found
EUVD-2021-14527
Malware in sbrugna...
Cross-Origin Resource Sharing (CORS) Bypass
github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing CORS Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...
CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go
memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...
Design/Logic Flaw
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
CVE-2023-36829 Sentry CORS misconfiguration vulnerability
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
Cross site scripting
Cross-origin resource sharing CORS enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An...
CVE-2021-27786
CVE-2021-27786 affects HCL Technologies OneTest Server (versions 10.0, 10.1, 10.2). The root cause is a misconfigured HTML5 CORS policy that lacks origin restrictions, allowing requests from arbitrary origins when Access-Control-Allow-Credentials is enabled. Impact stated in sources includes pote...
CVE-2021-27786 HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted
Cross-origin resource sharing CORS enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An...
Cross site request forgery (csrf)
Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open - every client is allowed. This allows evil.com to run...
Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing
Exploit Title: Taskcafé 0.1.0 and 0.1.1- Cross-Origin Resource Sharing Date: 2020- 09- 02 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://github.com/JordanKnott/ Software Link: https://github.com/JordanKnott/taskcafe Version: 0.1.0 and 0.1.1 Tested on: Kali Linux 2020.3 POC: The web...
Nord Security: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information
Summary: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. Description: An HTML5 cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy ...
U.S. Dept Of Defense: CORS Misconfiguration Leads to Exposing User Data
Vulnerable Asset: https://██████/█████████/ Discovery: - Upon accessing the site we discover two specific response headers which indicates that a cross-domain request for sensitive information might be possible 1. Access-Control-Allow-Origin: injectable 2. Access-Control-Allow-Credentials: true -...
Wordpress 5.2.4 - Cross-Origin Resource Sharing Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-jso...
WordPress 5.2.4 Cross Origin Resource Sharing
Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Date: 2019-10-28 Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-json POC: The web application fails to...
Boerse.de Cross SIte Scripting
Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...