The Vulnerability triggered when you explicitly add Origin Header in your Request Body and it reflects back in Response. I collect the POC from Google. Just replace the example.com with the Vulnerable Web-Site.