CWE-942: CWE-942
All CWE-942 CVEs (22)
This vulnerability allows attackers to bypass the same-origin policy in Firefox and Thunderbird by exploiting a flaw in the DOM Workers component. It ...
Nov 11, 2025

This CVE describes a same-origin policy bypass vulnerability in the DOM Notifications component of Mozilla products. It allows malicious websites to a...
Nov 11, 2025

A logic vulnerability in Casdoor's CORS filter allows any website to make cross-domain requests to Casdoor as the logged-in user. This occurs because ...
Aug 20, 2024

CVE-2023-23464 is a permissive Flash cross-domain policy vulnerability in Media CP Media Control Panel that allows attackers to bypass same-origin pol...
Feb 15, 2023

CVE-2024-37131 is an overly permissive Cross-Origin Resource Policy (CORP) vulnerability in Dell Secure Connect Gateway Policy Manager. This allows re...
Jun 13, 2024

CVE-2023-2360 is a Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability in Acronis Cyber Infrastructure that allows attackers to steal ...
Apr 28, 2023

CVE-2022-47717 is a Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability in Last Yard version 22.09.8-1 that allows malicious websites ...
Feb 1, 2023

Litestar ASGI framework versions before 2.20.0 have a CORS origin validation bypass vulnerability. Attackers can craft malicious origin headers that m...
Feb 9, 2026

Omnissa UAG contains a CORS bypass vulnerability that allows attackers with network access to circumvent administrator-configured CORS restrictions. T...
Apr 17, 2025

This CVE describes an overly permissive CORS policy vulnerability in Siemens industrial software products. An attacker could exploit this by tricking ...
Dec 12, 2023

This CVE describes an insecure CORS policy in Tenda W30E V2 routers that allows attacker-controlled websites to make authenticated cross-origin reques...
Jan 26, 2026

A CORS misconfiguration in Eramba Community and Enterprise Editions allows malicious websites to perform authenticated cross-origin requests against t...
Jan 13, 2026

This CVE describes a same-origin policy bypass vulnerability in the Layout component of Mozilla products. It allows malicious websites to access data ...
Sep 16, 2025

CVE-2024-6449 is a cross-site scripting (XSS) vulnerability in HyperView Geoportal Toolkit that allows unauthenticated attackers to inject and execute...
Aug 28, 2024

PILOS before version 4.8.0 has a CORS misconfiguration that reflects the Origin header without validation while allowing credentials. This could theor...
Oct 27, 2025

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Drupal Next.Js modules due to an overly permissive cross-domain security policy. Atta...
Jan 28, 2026

IBM Concert Software versions 1.0.0 through 1.1.0 have an overly permissive CORS configuration that doesn't restrict allowed origins to trusted domain...
Aug 18, 2025

IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 have an overly permissive cross-domain policy file that includes untrusted domains. This could allow...
Oct 9, 2025

IBM Security ReaQta 3.12 contains a cross-site scripting vulnerability that allows privileged users to inject malicious JavaScript into the web interf...
Nov 14, 2024

This vulnerability allows malicious websites to bypass same-origin policy protections and exfiltrate image data from other websites. It affects users ...
Nov 4, 2025

A sandbox bypass vulnerability in Bruno IDE allows malicious API collection files to execute arbitrary code when imported and run, even in Safe Mode. ...
Apr 1, 2025

An incorrect CORS configuration in Hiberus Sintra allows attackers to perform cross-origin requests with credentials, potentially enabling unauthorize...
Oct 2, 2025

About CWE-942 (CWE-942)
Our database tracks 22 CVEs classified as CWE-942, with 0 rated critical and 10 rated high severity. The average CVSS score for CWE-942 vulnerabilities is 6.6.
External reference: View CWE-942 on MITRE CWE →