How can CORS be used to exploit the following password reset page? The back end logic checks if the user is currently logged in, and then proceeds to change the password to new password. Solution Solution: Please follow these coding as shown in below... <HTML> <BR><font color=white> <CENTER><BR><BR> <h1>Password reset page</h1> <TITLE>User Login</TITLE> <SCRIPT LANGUAGE = \"JavaScript\"> function load() { document.f1.changepassword.focus(); } function check(f1) { if(f1.changepassword.value==\'\'\'\') alert(\"check your changepassword\"); else if(f1.pwd.value==\"\"||f1.pwd.value.length<6) alert(\"check your newpassword\"); else window.open(\'home.html\'); } </SCRIPT> </HEAD></CENTER> <BR><BR> <BODY onload = \"load()\" bgcolor = #6600FF> <form name = \"f1\"> <CENTER> <B>Changepassword:</B> <form action = \"changepassword.jsp\" TYPE =\"text\"> <BR><BR> <B>Password:</B> <input name = \"newpass\" TYPE = \"password\"> <BR><BR> <INPUTTYPE=SUBMIT NAME=submit VALUE = \"Log-in\" Onclick=\"check(f1)\"> <input type =Reset></CENTER> </font> </form> </BODY> </HTML> .