CVE-2024-55888

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-1021
View all →

Vulnerability Description

Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.

Related Vulnerabilities

CVE-2019-3639

HIGH
CVSS:7.1(High)

Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains a...

CWE-10212019

CVE-2021-0963

HIGH
CVSS:7.1(High)

In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no ...

CWE-10212021

CVE-2021-34087

HIGH
CVSS:7.1(High)

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the setti...

CWE-10212021

CVE-2024-0669

HIGH
CVSS:7.1(High)

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe...

CWE-10212024

CVE-2025-1940

HIGH
CVSS:7.1(High)

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. *This issue only ...

CWE-10212025

CVE-2019-2125

HIGH
CVSS:7.3(High)

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without th...

CWE-10212019