| Title | Mindskip xzs-mysql 3.9.0 CORS Misconfiguration |
|---|
| Description | Mindskip xzs-mysql 3.9.0 has an overly permissive Cross-Origin Resource Sharing (CORS) configuration, allowing unauthorized cross-origin requests. This misconfiguration enables attackers to exploit a victim's authenticated session to access sensitive data or perform unauthorized actions by making requests from malicious origins. |
|---|
| Source | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/OverlyPermissiveCORS-Multiple.md |
|---|
| User | vastzero (UID 78767) |
|---|
| Submission | 01/26/2025 10:50 (1 Year ago) |
|---|
| Moderation | 02/06/2025 15:26 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 294859 [Mindskip xzs-mysql 学之思开源考试系统 3.9.0 CORS cross-domain policy] |
|---|
| Points | 18 |
|---|