Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Content Security Policy appears to be missing in software and production setup
Vulnerability Description
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
不当限制渲染UI层或帧
Vulnerability Title
Hush Line 安全漏洞
Vulnerability Description
Hush Line是Science & Design开源的一个免费开源匿名举报热线服务。 Hush Line 0.1.0版本至0.3.5之前版本存在安全漏洞,该漏洞源于生产服务器配置错误,没有提供任何内容安全策略或安全标头,可能导致绕过跨站脚本过滤器。
CVSS Information
N/A
Vulnerability Type
N/A