Vulnerability Information
Vulnerability Title
Legality WHISTLEBLOWING Missing Critical HTTP Security Headers
Vulnerability Description
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy (with CSP delivered via HTML meta elements being inadequate). The absence of these headers weakens browser-side defenses and increases exposure to client-side attacks such as cross-site scripting, clickjacking, referer leakage, and cross-origin data disclosure.
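A defender can check a deployment's responses against the header list in this description. The following is an added example, not code from the advisory or from DigitalPA; the names audit, REQUIRED and the sample response are assumptions constructed for illustration. It reports which of the six headers are absent and notes when CSP arrives only through an HTML meta element.

```python
from html.parser import HTMLParser

# The six headers the description lists as not emitted by default.
REQUIRED = (
    "Content-Security-Policy",
    "Referrer-Policy",
    "Permissions-Policy",
    "Cross-Origin-Embedder-Policy",
    "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy",
)

class _MetaCSP(HTMLParser):
    """Collects CSP policies delivered through <meta http-equiv>."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.policies.append(a.get("content", ""))

def audit(headers, body=""):
    """Return (missing header names, notes) for one HTTP response."""
    # Header names are case-insensitive; an empty value counts as absent.
    present = {k.lower(): v for k, v in headers.items() if v and v.strip()}
    missing = [h for h in REQUIRED if h.lower() not in present]
    notes = []
    parser = _MetaCSP()
    parser.feed(body)
    if parser.policies and "Content-Security-Policy" in missing:
        notes.append("CSP is set only via <meta>: frame-ancestors, sandbox "
                     "and report-uri are ignored in a meta policy")
    if "content-security-policy-report-only" in present and "Content-Security-Policy" in missing:
        notes.append("Content-Security-Policy-Report-Only is present but does not enforce")
    return missing, notes

# Constructed sample response (not captured from a real deployment).
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN",
                  "Referrer-Policy": ""}
SAMPLE_BODY = ('<html><head><meta http-equiv="Content-Security-Policy" '
               'content="default-src \'self\'"></head><body></body></html>')

if __name__ == "__main__":
    missing, notes = audit(SAMPLE_HEADERS, SAMPLE_BODY)
    for name in missing:
        print("missing:", name)
    for note in notes:
        print("note:", note)
```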
CVSS Information
N/A
Vulnerability Type
Protection Mechanism Failure
Vulnerability Title
DigitalPA Legality WHISTLEBLOWING Security Vulnerability
Vulnerability Description
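DigitalPA Legality WHISTLEBLOWING is a software system from the Italian company DigitalPA for managing whistleblowing reports. DigitalPA Legality WHISTLEBLOWING contains a security vulnerability that stems from missing critical HTTP security headers and may lead to cross-site scripting and clickjacking attacks.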
CVSS Information
N/A
Vulnerability Type
N/A