← Volver a CVEs
CVE-2025-34413
N/ADescripcion
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy (with CSP delivered via HTML meta elements being inadequate). The absence of these headers weakens browser-side defenses and increases exposure to client-side attacks such as cross-site scripting, clickjacking, referer leakage, and cross-origin data disclosure.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado12/9/2025
Ultima modificacion12/9/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-693
Referencias
https://seclists.org/fulldisclosure/2025/Dec/0(disclosure@vulncheck.com)
https://www.digitalpa.net/en/whistleblowing-software-features/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/legality-whisteblowing-missing-critical-http-security-headers(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.