SYM_JSTS_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Origin Validation Error
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-346: Origin Validation Error |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application sets CORS response headers such as `Access-Control-Allow-Origin` directly from attacker-controlled request data (the `Origin` request header, a query parameter, or the request body) without checking the value against an allowlist of trusted origins. The browser treats the echoed value as authoritative, so any website can read the API's responses cross-origin; if `Access-Control-Allow-Credentials: true` is also sent, those reads carry the victim's cookies or other ambient credentials, which defeats the same-origin policy for authenticated endpoints.
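The following is an added example, not code from the Symbiotic database or from any affected project, showing the reflection pattern described above next to two alternatives: a prefix match that still fails, and an exact allowlist match that holds. The function names, the `ALLOWED_ORIGINS` entries and the sample origins are assumptions made for the illustration.

```javascript
// Added example (not from the Symbiotic-Vulnerability-Database):
// three ways of deciding what to put in Access-Control-Allow-Origin.
// All names and origins below are hypothetical.

// Hypothetical allowlist of trusted full origins (scheme + host + port).
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// VULNERABLE (CWE-346): whatever Origin the browser sends is echoed back,
// and credentials are allowed, so any site can read authenticated responses.
function vulnerableCorsHeaders(requestHeaders) {
  const origin = requestHeaders['origin'];
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// STILL VULNERABLE: a prefix/regex check lets "https://app.example.com.evil.net"
// through because it merely starts with the trusted origin.
function prefixMatchedCorsHeaders(requestHeaders) {
  const origin = requestHeaders['origin'];
  const trusted = [...ALLOWED_ORIGINS].some((allowed) => typeof origin === 'string' && origin.startsWith(allowed));
  if (!trusted) return { Vary: 'Origin' };
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// HARDENED: exact string match against the allowlist. Browsers serialise the
// Origin header canonically ("https://app.example.com", no trailing slash,
// default port omitted), so no normalisation is needed and none is done;
// normalising the value before comparison only invites parser mismatches.
function isAllowedOrigin(origin, allowlist = ALLOWED_ORIGINS) {
  return typeof origin === 'string' && allowlist.has(origin);
}

function safeCorsHeaders(requestHeaders, allowlist = ALLOWED_ORIGINS) {
  const origin = requestHeaders['origin'];
  if (!isAllowedOrigin(origin, allowlist)) {
    // No Access-Control-Allow-Origin at all: the browser blocks the cross-origin read.
    // Vary: Origin is still set so caches never serve one caller's CORS headers to another.
    return { Vary: 'Origin' };
  }
  return {
    'Access-Control-Allow-Origin': origin, // the allowlisted value, never a wildcard with credentials
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}
```

In an Express handler the hardened variant is used as `res.set(safeCorsHeaders(req.headers))` (hypothetical wiring, not shown above); the same function works for preflight responses, where `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` should likewise be fixed server-side values rather than echoes of `Access-Control-Request-*`.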
Impact
If exploited, an attacker who lures an authenticated user to a malicious website can issue cross-origin requests to the API from that page and read the responses, bypassing the browser's same-origin policy. This exposes whatever the victim's session can see (profile data, tokens, other sensitive records) and, where state-changing endpoints rely on the same session, lets the attacker perform actions as that user. The result may be data leaks, account compromise, or unauthorized operations affecting users and the organization.