Cross-Domain Misconfiguration

ID

cross_domain_misconfiguration

Severity

high

Kind

Access Control

CWE

264

Description

Sensitive data may be readable from other origins through the victim's browser because of a Cross-Origin Resource Sharing (CORS) misconfiguration on the web server. The detector identifies overly permissive "Access-Control-Allow-Origin" responses: a wildcard ("*"), or a header that reflects the requesting origin (including the "null" origin) back to the client, which lets domains the application does not control read its responses.

Rationale

Misconfigured CORS policies allow a malicious website to read responses from the application through the victim's browser. The attacker hosts a page that makes requests to the vulnerable application; if the server reflects the attacker's origin in "Access-Control-Allow-Origin" and also sends "Access-Control-Allow-Credentials: true", the browser attaches the user's cookies (and any other ambient credentials) to those requests and hands the response body to the attacker's script, defeating the Same Origin Policy. The attacker can then extract account information, personal details, or API responses that should be readable only from the legitimate application domain. Note that browsers refuse credentialed requests when the header is the wildcard "*", so a wildcard alone exposes only responses that are not credential-gated, for example data that is restricted by network location rather than by a session.

Remediation

Ensure that sensitive data is not available in an unauthenticated manner. IP address allow-listing is one such control, but on its own it does not stop this attack when the victim's browser is already inside the allowed network. Configure the "Access-Control-Allow-Origin" HTTP header from an explicit allow-list of trusted origins, comparing the request's "Origin" against the full scheme, host and port rather than a substring or loose regular expression, and never echo an arbitrary or "null" origin. Do not combine a reflected or wildcard origin with "Access-Control-Allow-Credentials: true", and send "Vary: Origin" whenever the header depends on the request. Where cross-origin access is not needed, remove all CORS headers entirely so that the web browser enforces the Same Origin Policy (SOP).
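The following is an added example, not code from this page's detector or from any project: it models the reflecting handler the Rationale describes beside the allow-list handler the Remediation calls for, the browser's read decision for a cross-origin response, and a probe in the spirit of the detector. The hostnames, the allow-list and the attacker origin are constructed for the demo.

```javascript
// Added example (not the page's detector code). Hostnames, allow-list and
// attacker origin are constructed for the demo.

// Vulnerable pattern: reflect whatever Origin the client sends and also
// allow credentials. Any attacker-controlled origin is now trusted.
function vulnerableCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened pattern: only origins on an explicit allow-list are echoed back
// (full scheme://host:port match, no substring or regex), and the "null"
// origin is never trusted. "Vary: Origin" keeps a shared cache from serving
// one origin's response to another.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

function hardenedCorsHeaders(requestOrigin, allowList = ALLOWED_ORIGINS) {
  if (!requestOrigin || requestOrigin === 'null' || !allowList.has(requestOrigin)) {
    return { Vary: 'Origin' }; // no CORS headers: the browser enforces SOP
  }
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Browser-side decision for a cross-origin response (the Fetch "CORS check"):
// the body may be read when ACAO is "*" (credential-less requests only) or
// exactly equals the requesting origin; credentialed reads additionally
// require "Access-Control-Allow-Credentials: true".
function browserAllowsRead(requestOrigin, responseHeaders, withCredentials) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  const acac = responseHeaders['Access-Control-Allow-Credentials'];
  if (acao === undefined) return false;
  if (acao === '*') return !withCredentials;
  if (acao !== requestOrigin) return false;
  return withCredentials ? acac === 'true' : true;
}

// Detector logic in the spirit of the finding: send an Origin the application
// has no reason to trust (and the "null" origin) and report whether a
// credentialed cross-origin read would succeed, or whether a wildcard exposes
// unauthenticated responses.
function probeCorsMisconfiguration(corsHeadersFn, attackerOrigin = 'https://evil.example.net') {
  const findings = [];
  for (const origin of [attackerOrigin, 'null']) {
    const headers = corsHeadersFn(origin);
    if (browserAllowsRead(origin, headers, true)) {
      findings.push(`reflects ${origin} with credentials allowed`);
    } else if (headers['Access-Control-Allow-Origin'] === '*') {
      findings.push("wildcard '*' exposes unauthenticated responses");
    }
  }
  return findings;
}

console.log('vulnerable:', probeCorsMisconfiguration(vulnerableCorsHeaders));
console.log('hardened:', probeCorsMisconfiguration(hardenedCorsHeaders));
```

Against the reflecting handler the probe reports both the attacker origin and the "null" origin as readable with credentials; against the allow-list handler it reports nothing, while a legitimate origin on the list still gets a credentialed read.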