diff --git a/CORS Misconfiguration/README.md b/CORS Misconfiguration/README.md index 7d4d715b..1bbbc7ed 100644 --- a/CORS Misconfiguration/README.md +++ b/CORS Misconfiguration/README.md @@ -131,7 +131,7 @@ https://trusted-origin.example.com/?xss= ### Vulnerable Example: Wildcard Origin `*` without Credentials If the server responds with a wildcard origin `*`, the browser does never send -the cookies. Howver, if the server does not require authentication, it's still +the cookies. However, if the server does not require authentication, it's still possible to access the data on the server. This can happen on internal servers that are not accessible from the Internet. The attacker's website can then pivot into the internal network and access the server's data withotu
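Review bot: The typo fix stops at `Howver`, but the unchanged context lines in this same paragraph still contain two errors worth fixing in the same commit. The context line directly above the changed line reads "the browser does never send", which should be "the browser never sends". The last context line of the hunk ends with "withotu", which should be "without". Extending the hunk to cover both would leave the "Wildcard Origin `*` without Credentials" paragraph clean in one pass.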