CORS misconfiguration TL;DR: Overly permissive Access-Control-* leaks responses across origins, often with credentials. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://portswigger.net/web-security/cors