A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability allows an attacker to bypass the Same-Origin Policy, potentially leading to sensitive information exposure. Properly implementing a restrictive CORS policy is crucial to prevent such security issues.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NYoudao Qanything
APPYoudao1.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-10264CRITICAL9.8PL ✓ten sam produkt
HTTP Request Smuggling w Youdao QAnything umożliwia RCE i nieautoryzowany dostęp
CVE-2024-12864HIGH7.5ten sam produkt
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything ...
CVE-2024-12866HIGH7.5ten sam produkt
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability all...
CVE-2024-8027MEDIUM6.1ten sam produkt
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload mal...