EIP-2026-104213

The document describes a CORS misconfiguration vulnerability in CrafterCMS 4.x.x, where the server allows access from any domain, including attacker-controlled domains. It includes a detailed HTTP request/response demonstrating the vulnerability but does not provide functional exploit code.