API Security Checked by Vezraa
CORS Misconfiguration
Overly permissive cross-origin resource sharing settings that expose your API.
CORS misconfiguration typically means using Access-Control-Allow-Origin: * or reflecting arbitrary origins without validation. This allows any website to make cross-origin requests to your API, potentially exposing authenticated data.