CVE-2023-25603

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-942
View all →

Vulnerability Description

A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

Related Vulnerabilities

CVE-2021-34435

HIGH
CVSS:8.8(High)

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to t...

CWE-9422021

CVE-2023-46098

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This coul...

CWE-9422023

CVE-2023-46281

HIGH
CVSS:8.8(High)

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V...

CWE-9422023

CVE-2024-41657

HIGH
CVSS:8.8(High)

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any ...

CWE-9422024

CVE-2021-27786

CRITICAL
CVSS:9.8(Critical)

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial r...

CWE-9422021

CVE-2022-26969

CRITICAL
CVSS:9.8(Critical)

In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.

CWE-9422022