CVE-2020-26251
Open Zaak (versions prior to 1.3.3) had a wide-open CORS policy that allowed any client, which could enable cross-origin scripts to access the API. The CVE notes that Open Zaak 1.3.3 disables CORS by default, with opt-in possible via environment variables. The publicly provided documents state that ex...
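
The difference between a wide-open CORS policy and one that is disabled by default with opt-in through environment variables, as an added example (not Open Zaak's own code). The variable names `EXAMPLE_CORS_ALLOW_ALL` and `EXAMPLE_CORS_ALLOWED_ORIGINS`, the function names and the sample origins are assumptions made for illustration.

```python
import os


def load_cors_policy(env=os.environ):
    """Build a CORS policy from environment variables.

    With nothing set, CORS is disabled. The variable names are
    hypothetical, chosen for this example.
    """
    flag = env.get("EXAMPLE_CORS_ALLOW_ALL", "").strip().lower()
    raw = env.get("EXAMPLE_CORS_ALLOWED_ORIGINS", "")
    # Origins are compared exactly, so normalise a trailing slash away.
    origins = frozenset(o.strip().rstrip("/") for o in raw.split(",") if o.strip())
    return {"allow_all": flag in ("1", "true", "yes"), "origins": origins}


def cors_headers(policy, request_origin):
    """Return the CORS response headers for a request with this Origin."""
    if not request_origin:
        return {}  # no Origin header: not a cross-origin browser request
    if policy["allow_all"]:
        # Wide-open behaviour: any origin may read the API response.
        return {"Access-Control-Allow-Origin": "*"}
    if request_origin in policy["origins"]:
        # Echo only an exact allow-list match; Vary keeps shared caches
        # from serving one origin's response to another.
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}  # no header: the browser blocks the cross-origin read


# Constructed sample environments (not taken from a real deployment).
WIDE_OPEN = load_cors_policy({"EXAMPLE_CORS_ALLOW_ALL": "true"})
DEFAULT = load_cors_policy({})
OPT_IN = load_cors_policy(
    {"EXAMPLE_CORS_ALLOWED_ORIGINS": "https://portal.example.org/"}
)

if __name__ == "__main__":
    for name, policy in (("wide-open", WIDE_OPEN), ("default", DEFAULT), ("opt-in", OPT_IN)):
        for origin in ("https://portal.example.org", "https://other.example"):
            print(f"{name:9} {origin:28} -> {cors_headers(policy, origin)}")
```
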