Cross-Origin Resource Sharing (CORS) is a mechanism that enables web browsers to perform cross-domain requests using the XMLHttpRequest API.
These cross-origin requests carry an Origin header that identifies the domain sending the request.
CORS defines the protocol used between a web browser and a server to determine whether a cross-origin request is allowed.
The vulnerability, and with it the potential for cross-domain attacks, arises if a website's CORS policy is poorly configured and implemented.
To prevent this vulnerability, make sure the server uses a whitelist of trusted origins, so that it checks which Origin sent the request and decides whether to allow it.
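
One way to implement the whitelist check described above, as an added example that is not code from the original page. It assumes a Node.js-style request/response pair; the origins, `applyCors` and `check` are constructed names for illustration.

```javascript
// Whitelist of trusted origins (constructed placeholder values).
// An origin is scheme + host + port, so each entry is a full origin string.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Decide whether to confirm the request's Origin and set the response
// headers accordingly. Returns true when the origin is whitelisted.
function applyCors(req, res) {
  const origin = req.headers.origin;

  // The response depends on the Origin header, so tell caches to key on it.
  res.setHeader("Vary", "Origin");

  // Exact comparison against the whitelist: no substring, prefix or
  // suffix matching, and the header value is never echoed back unchecked.
  if (typeof origin === "string" && ALLOWED_ORIGINS.has(origin)) {
    res.setHeader("Access-Control-Allow-Origin", origin);
    return true;
  }

  // Unknown or missing origin: send no Access-Control-Allow-Origin header,
  // so the browser refuses to expose the response to the calling page.
  return false;
}

// Helper for trying the check offline: builds a minimal fake request and
// response and returns the headers the server would have sent.
function check(origin) {
  const sent = {};
  const req = { headers: origin === undefined ? {} : { origin } };
  const res = { setHeader: (name, value) => { sent[name] = value; } };
  applyCors(req, res);
  return sent;
}

// Constructed sample Origin values: one trusted, the rest must be refused.
const SAMPLES = [
  "https://app.example.com",              // whitelisted
  "http://app.example.com",               // same host, different scheme
  "https://app.example.com.attacker.test", // only starts with a trusted name
  undefined,                              // no Origin header at all
];

for (const origin of SAMPLES) {
  const allowed = "Access-Control-Allow-Origin" in check(origin);
  console.log(String(origin).padEnd(40), allowed ? "allowed" : "refused");
}
```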