Youdao Qanything CORS Misconfiguration Vulnerability Allowing Same-Origin Policy Bypass

Vulnerability

A CORS misconfiguration vulnerability has been identified in Youdao Qanything version 1.4.1. This issue allows attackers to bypass the Same-Origin Policy, potentially leading to the exposure of sensitive information. A properly implemented restrictive CORS policy is essential to prevent such security vulnerabilities.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information by bypassing the Same-Origin Policy.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Youdao Qanything CORS Misconfiguration Vulnerability Allowing Same-Origin Policy Bypass

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating