search

Vulnerabilities arising from Misconfigurations

Server-generated ACAO header from client-specified Origin headerchevron-rightErrors parsing Origin headerschevron-rightWhitelisted null origin valuechevron-rightExploiting XSS via CORS trust relationshipschevron-rightBreaking TLS with poorly configured CORSchevron-rightIntranets and CORS without credentialschevron-rightMitigationschevron-right
PreviousAccess-Control-Allow-Origin response headerNextServer-generated ACAO header from client-specified Origin header

Last updated