CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Parent: CWE-863 - Incorrect Authorization

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
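Most of the entries listed below are the CORS form of this weakness: the server echoes the request's Origin header, or matches it loosely, and then grants credentials to the result. The following JavaScript is an added example, not code from this page or from any of the products listed; it puts the two common weak matching patterns next to a hardened exact-match allowlist and adds a small classifier a tester can run over captured response headers. The hostnames (trusted.example, eviltrusted.example) and the probe origins are constructed for the illustration.

```javascript
// Added example (not from the page or any listed product): permissive CORS
// handling beside a hardened allowlist, plus a check for captured responses.
// Hostnames and probe origins below are constructed for illustration.

// Origins the application actually wants to allow credentialed access from.
const ALLOWED_ORIGINS = new Set([
  "https://trusted.example",
  "https://app.trusted.example",
]);

// Weak pattern 1: echo whatever Origin the browser sent and allow credentials.
// Any site a logged-in user visits can now read authenticated responses.
function reflectingCors(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Weak pattern 2: a suffix check instead of an exact origin comparison.
// "https://eviltrusted.example" ends with "trusted.example" and is let in.
function suffixMatchCors(requestOrigin) {
  if (typeof requestOrigin === "string" && requestOrigin.endsWith("trusted.example")) {
    return {
      "Access-Control-Allow-Origin": requestOrigin,
      "Access-Control-Allow-Credentials": "true",
    };
  }
  return {};
}

// Hardened: normalise the Origin through the URL parser (lower-cases the host,
// drops default ports) and require an exact match against the allowlist.
// Unknown, malformed or "null" origins get no CORS headers at all; "*" is
// never combined with credentials.
function hardenedCors(requestOrigin, allowlist = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== "string") return {};
  let origin;
  try {
    origin = new URL(requestOrigin).origin;
  } catch {
    return {}; // not parseable as an origin: deny
  }
  if (origin === "null" || !allowlist.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    // Caches must key on Origin so one allowed origin's response is not
    // served to a different requester.
    "Vary": "Origin",
  };
}

// Tester-side check: send a request with an attacker-chosen Origin and
// classify the response headers that came back.
// Returns "reflected-with-credentials", "reflected", "wildcard" or null.
function classifyCors(probeOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  const creds = responseHeaders["Access-Control-Allow-Credentials"] === "true";
  if (acao === undefined) return null;
  if (acao === "*") return "wildcard";
  if (acao === probeOrigin) return creds ? "reflected-with-credentials" : "reflected";
  return null;
}

// Stand-alone demo: probe each handler with an origin that is not trusted.
const probe = "https://eviltrusted.example";
for (const [name, handler] of Object.entries({ reflectingCors, suffixMatchCors, hardenedCors })) {
  console.log(name.padEnd(16), classifyCors(probe, handler(probe)));
}
```

A "reflected-with-credentials" result against an endpoint that returns user data is the case behind the CVSS 7.5 and above entries below; a bare "wildcard" only exposes responses the server already serves without authentication, since browsers refuse to send credentials when the header is "*".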

84 vulnerabilities with CWE-942 (nine shown)

CVE-2023-23128  MEDIUM    CVSS 6.1         Connectwise - Permissive CORS Policy
CVE-2022-34366  MEDIUM    CVSS 6.5         Dell Supportassist For Home Pcs < 3.11.2 - Permissive CORS Policy
CVE-2022-47717  HIGH      CVSS 7.5         Lastyard Last Yard - Permissive CORS Policy
CVE-2022-26969  CRITICAL  CVSS 9.8         Directus < 9.7.0 - Info Disclosure
CVE-2022-31736  CRITICAL  CVSS 9.8         Mozilla Firefox < 101 - Permissive CORS Policy
CVE-2021-27786  MEDIUM    CVSS 4.6         CORS - Info Disclosure
CVE-2021-34435  HIGH      CVSS 8.8         Eclipse Theia < 1.8.1 - Permissive CORS Policy
CVE-2020-36851  CRITICAL  CVSS not listed  Rob W - Cors-Anywhere <SSRF>
CVE-2019-14860  MEDIUM    CVSS 6.5         Redhat Fuse < 7.5.0 - Permissive CORS Policy