Description
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
Scores
CVSS v3
4.6
EPSS
0.0019
EPSS Percentile
40.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-942
CWE-697
Status
published
Products (3)
hcltech/onetest_server
10.0
hcltech/onetest_server
10.1
hcltech/onetest_server
10.2
Published
Jun 09, 2022
Tracked Since
Feb 18, 2026