CORS Misconfigurations

Description

During the scan, Kayran managed to find CORS Misconfigurations.
Cross-Origin Resource Sharing (CORS) is a browser mechanism that lets a web server selectively relax the Same Origin Policy: through response headers such as Access-Control-Allow-Origin, the server declares which other origins are permitted to read its responses, enabling controlled cross-domain communication between websites.

If the server reflects arbitrary Origin values, trusts the "null" origin, or matches allowed origins loosely (for example by prefix or suffix) while also sending Access-Control-Allow-Credentials: true, a page on an attacker-controlled origin can make the victim's browser issue authenticated requests and read the responses, exposing sensitive user data or session-bound content.

Severity/Score

Average Score – 6.1 Medium

Recommendation

Return the Access-Control-Allow-Origin header only for origins on an explicit allowlist, compared exactly after normalisation; do not reflect the request's Origin header, do not use prefix or suffix matching, do not allow the "null" origin, and never combine a wildcard (*) with Access-Control-Allow-Credentials: true. Note that CORS governs which origins may read a response, not whether the browser sends the request, so sensitive endpoints still need CSRF protection. When the header value varies per origin, add Vary: Origin so shared caches do not serve one origin's response to another.

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

https://cwe.mitre.org/data/definitions/16

https://cwe.mitre.org/data/definitions/346
