Cross-Origin Data Theft
Glances is vulnerable to Cross-Origin Data Theft via XML-RPC Server CORS Misconfiguration. The vulnerability is due to the XML-RPC handler not validating the Content-Type header, where an attacker-controlled webpage can issue a CORS simple request containing a valid XML-RPC payload, and the serve...