CVE ID : CVE-2025-51605
Published : Aug. 22, 2025, 4:15 p.m. | 10 hours ago
Description : An issue was discovered in Shopizer 3.2.7. The server’s CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More