VYPR

CWE-942

Permissive Cross-domain Security Policy with Untrusted Domains

Abstraction: Variant
Structure: Incomplete

Description

The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
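The entries listed on this page are mostly one shape: a server that echoes whatever Origin the request carries (or sends a wildcard) and pairs it with Access-Control-Allow-Credentials: true or Access-Control-Allow-Private-Network: true, so any page the victim visits can read authenticated responses or reach a listener on the local network. The following is an added example, not code from VYPR or from any project in the CVE list. It shows an exact-match Origin allowlist for a credentialed API, the reflecting and wildcard patterns beside it, and a probe that tells them apart the way a tester would, by sending an attacker-chosen Origin and the literal "null" Origin. All function names and the allowlist entries are hypothetical.

```javascript
// Added example (not VYPR's code, not from any listed project). Names and the
// allowlist contents are hypothetical; the only real protocol elements are the
// CORS response headers themselves.

// Constructed sample allowlist: complete origins (scheme, host, port), nothing else.
const TRUSTED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Hardened handler: echo the Origin only when it is an exact allowlist member.
// No substring, prefix or regex match, so "https://app.example.com.evil.net"
// and "https://evil.net/?x=https://app.example.com" are both rejected.
function strictCorsHeaders(requestOrigin, trusted = TRUSTED_ORIGINS) {
  if (typeof requestOrigin !== "string" || !trusted.has(requestOrigin)) {
    // Untrusted or absent Origin: send no Access-Control-Allow-* headers at all.
    // Do not fall back to "*"; the browser then blocks the cross-origin read.
    return { "Vary": "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
    "Vary": "Origin", // stops a shared cache replaying one origin's ACAO to another
  };
}

// The defect behind the "reflects arbitrary origins" entries: trust the request
// header and pair it with credentials.
function reflectingCorsHeaders(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// The wildcard-plus-private-network shape: any site may reach a listener on
// 127.0.0.1 through the victim's browser, with no Origin check at all.
function wildcardPrivateNetworkHeaders() {
  return {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Private-Network": "true",
  };
}

// Header names are case-insensitive; normalise before comparing.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Probe a CORS handler: call it with an attacker-chosen Origin and with the
// literal "null" Origin (sandboxed iframes, file:// pages) and read back what
// the server would grant. Returns a list of finding labels, empty when clean.
function probeCors(handler, attackerOrigin = "https://attacker.example") {
  const findings = [];
  const forAttacker = lowerKeys(handler(attackerOrigin));
  const acao = forAttacker["access-control-allow-origin"];
  const creds = forAttacker["access-control-allow-credentials"] === "true";
  const pna = forAttacker["access-control-allow-private-network"] === "true";

  if (acao === attackerOrigin && creds) {
    // Any page can read authenticated responses: session cookies ride along.
    findings.push("reflected-origin-with-credentials");
  } else if (acao === attackerOrigin) {
    findings.push("reflected-origin");
  }
  if (acao === "*" && pna) {
    findings.push("wildcard-with-private-network-access");
  } else if (acao === "*") {
    findings.push("wildcard-origin"); // acceptable only for public, unauthenticated data
  }

  const forNull = lowerKeys(handler("null"));
  if (forNull["access-control-allow-origin"] === "null" &&
      forNull["access-control-allow-credentials"] === "true") {
    findings.push("null-origin-with-credentials");
  }
  return findings;
}

// Stand-alone run: compare the three handlers.
console.log("reflecting:", probeCors(reflectingCorsHeaders));
console.log("wildcard+PNA:", probeCors(wildcardPrivateNetworkHeaders));
console.log("strict:", probeCors(strictCorsHeaders));
```

The probe runs against an in-process handler here; against a live service the same two requests (one with a made-up Origin, one with Origin: null) and the same header checks apply. A wildcard on its own is not a defect when the resource is public and unauthenticated; the findings that matter for this weakness are the credentialed and private-network ones.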

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (62)

page 1 of 4
  • CVE-2020-36851 | Critical | Sep 25, 2025
    risk 0.62 | cvss n/a | epss 0.01

    Rob--W cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local…

  • CVE-2026-8948 | Critical | May 19, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-1181 | Critical | Jan 19, 2026
    risk 0.59 | cvss 9.0 | epss 0.00

    Altium 365 workspace endpoints were configured with an overly permissive Cross-Origin Resource Sharing (CORS) policy that allowed credentialed cross-origin requests from other Altium-controlled subdomains, including forum.live.altium.com. As a result, JavaScript executing on…

  • CVE-2026-34227 | High | Mar 31, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected…

  • CVE-2024-11071 | High | Apr 7, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution (versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON…

  • CVE-2026-34449 | Critical | Mar 31, 2026
    risk 0.55 | cvss 9.6 | epss 0.01

    SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-Control-Allow-Private-Network:…

  • CVE-2026-30924 | Critical | Mar 19, 2026
    risk 0.55 | cvss 9.6 | epss 0.00

    qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests…

  • CVE-2026-9739 | Critical | May 27, 2026
    risk 0.54 | cvss n/a | epss 0.00

    Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` flags to align with MCP security guidelines. However, the hardcoded `Access-Control-Allow-Origin: *` header in the SSE…

  • CVE-2026-50088 | High | Jun 12, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS…

  • CVE-2026-50087 | High | Jun 12, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).

  • CVE-2026-44895 | Critical | May 26, 2026
    risk 0.53 | cvss n/a | epss 0.00

    GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: * on every response. The structural defect is that the SSE server stands up a…

  • CVE-2025-13019 | High | Nov 11, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-13017 | High | Nov 11, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

  • CVE-2025-43480 | High | Nov 4, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The issue was addressed with improved checks. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious website may exfiltrate data cross-origin.

  • CVE-2025-57755 | High | Aug 21, 2025
    risk 0.53 | cvss n/a | epss 0.00

    claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper Cross-Origin Resource Sharing (CORS) configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted…

  • CVE-2026-44184 | High | May 12, 2026
    risk 0.52 | cvss 8.0 | epss 0.00

    Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials(). When…

  • CVE-2024-49763 | High | Dec 2, 2024
    risk 0.50 | cvss n/a | epss 0.01

    PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount…

  • CVE-2026-10056 | High | May 29, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform…

  • CVE-2025-9292 | High | Feb 13, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web…

  • CVE-2026-27579 | High | Feb 21, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS responses while also permitting credentialed requests. An attacker-controlled…