Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted
Vulnerability Description
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
过度许可的跨域白名单
Vulnerability Title
HCL Technologies OneTest Server 安全漏洞
Vulnerability Description
HCL Technologies OneTest Server是印度HCL Technologies公司的一个软件自动化测试工具。将测试数据、测试环境、测试运行和报告整合到一个基于 Web 的浏览器中,供测试人员和非测试人员使用。 HCL Technologies OneTest Server 版本10.0, 10.1, 10.2 存在安全漏洞,该漏洞源于应用存在HTML5 跨域资源共享 (CORS) 策略相关的问题,缺少对于域来源的限制。攻击者可以利用此漏洞可能执行特权操作并访问敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A