Language:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Severity: Medium
ID: 98983
Type: remote
Family: HTTP Security Header
Published: 3/6/2020
Updated: 11/26/2021
Scan Template: pci, api, scan
Risk Factor: Low
Score: 3.45
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: Tenable
Risk Factor: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS Score Source: Tenable
OWASP: 2017-A6, 2013-A5, 2010-A6, 2021-A7, 2021-A5
WASC: Application Misconfiguration
OWASP API: 2019-API7
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5, 27001-A.10.1
CAPEC: 59, 60, 111, 141, 142, 384, 385, 386, 387, 388, 76, 75, 160, 21, 510, 89
PCI-DSS: 3.2-6.5.8
DISA STIG: APSC-DV-002560
OWASP ASVS: 4.0.2-14.4.7
NIST: sp800_53-SI-10(5)