Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenBlow Missing Critical Security Headers
Vulnerability Description
A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML <meta> tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources.
CVSS Information
N/A
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
OpenBlow 安全漏洞
Vulnerability Description
OpenBlow是意大利OpenBlow公司的一个机构内部接受匿名举报及保护举报人隐私的网络系统。 OpenBlow存在安全漏洞,该漏洞源于缺少关键HTTP响应头,可能导致跨站脚本、点击劫持和referer泄漏。
CVSS Information
N/A
Vulnerability Type
N/A