Origin Validation Error
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-346: Origin Validation Error |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application sets CORS headers such as 'Access-Control-Allow-Origin' from values taken directly from user input (for example the request's Origin header, a query parameter, or the request body) instead of from a fixed allowlist. Because the browser trusts whatever origin the server echoes back, any untrusted origin can obtain cross-origin access to protected resources, exposing the API to cross-origin attacks.
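The pattern described above, as an added example that is not code from the original page: a handler that reflects the request's Origin into 'Access-Control-Allow-Origin' beside a hardened handler that only echoes an origin exactly matching a configured allowlist. The allowlist entries and request headers are constructed placeholder values.

```python
"""Computing CORS response headers from the request's Origin header.

Constructed example: the vulnerable version reflects any Origin it is given
(CWE-346); the hardened version normalises the Origin and requires an exact
match against a fixed allowlist, emitting no allow header otherwise.
"""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed deployment-specific allowlist (placeholder origins, scheme://host[:port]).
ALLOWED_ORIGINS = frozenset({
    "https://app.example.com",
    "https://admin.example.com",
})


def cors_headers_vulnerable(request_headers: Dict[str, str]) -> Dict[str, str]:
    """Reflects the Origin header verbatim: every origin, trusted or not, is allowed,
    and with credentials enabled the browser will send the user's cookies along."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def _normalize_origin(origin: str) -> Optional[str]:
    """Accept only scheme://host[:port]; reject 'null', paths, userinfo, queries."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None
    return f"{parts.scheme}://{parts.netloc.lower()}"


def cors_headers_hardened(request_headers: Dict[str, str]) -> Dict[str, str]:
    """Echoes the Origin only when it is an exact allowlist member (not a prefix
    or suffix match); 'Vary: Origin' keeps caches from serving one origin's
    response to another."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    normalized = _normalize_origin(origin)
    if normalized is None or normalized not in ALLOWED_ORIGINS:
        # Unknown origin: no Access-Control-Allow-Origin at all, so the browser
        # blocks the cross-origin read.
        return {"Vary": "Origin"}
    return {
        "Access-Control-Allow-Origin": normalized,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
```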
Impact
If exploited, attackers could bypass the browser's same-origin policy to read sensitive data or perform actions as an authenticated user from a malicious website. This may lead to data leaks, account compromise, or unauthorized operations affecting users and the organization.