Cobalt Vulnerability Wiki

V14 - Config

CORS (Cross-Origin Resource Sharing)

Add the following HTTP Request header: Origin: https://www.evil.com
The Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: https://www.evil.com server response headers indicate that the server will respond to any authenticated requests from any origin, even if it is trusted or not.

Low

Low

Join some of these great clients we’re proud to have helped