qui CORS Misconfiguration: Arbitrary Origins Trusted
The application implements an HTML5 cross-origin resource sharing (CORS) policy that allows access from any domain. While the application is typically deployed within a trusted local network, successful exploitation of this weakness does not require any direct access to the instance by the attacker. Exploitation of this vulnerability uses the victim's browser as a conduit for interaction with the application. The mechanism used is a malicious webpage that requests from …