Aerith Gainsborough

#39070 of 53,633
7.1 Total CVSS
Vulnerabilities · 1
PT-2025-50148
7.1
2025-12-09
Digitalpa · Legality Whistleblowing · CVE-2025-34413
**Name of the Vulnerable Software and Affected Versions**

Legality WHISTLEBLOWING by DigitalPA (affected versions not specified)

**Description**

A protection mechanism failure exists due to the omission of critical HTTP security headers by default. Specifically, `Content-Security-Policy`, `Referrer-Policy`, `Permissions-Policy`, `Cross-Origin-Embedder-Policy`, `Cross-Origin-Opener-Policy`, and `Cross-Origin-Resource-Policy` are not emitted. The use of Content Security Policy delivered via HTML meta elements is considered inadequate. This weakens browser-side defenses and increases the risk of client-side attacks, including cross-site scripting, clickjacking, referer leakage, and cross-origin data disclosure.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
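A check for the condition described above, added here as an example and not taken from the advisory or from DigitalPA's code: it audits a raw HTTP response for the six listed headers and flags a CSP that exists only as a meta element. The names `audit` and `MetaCSPFinder`, the header values, and both sample responses are constructed for illustration.

```python
from email.parser import Parser
from html.parser import HTMLParser

# The six headers the advisory lists as not emitted by default.
REQUIRED = [
    "Content-Security-Policy", "Referrer-Policy", "Permissions-Policy",
    "Cross-Origin-Embedder-Policy", "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy",
]

class MetaCSPFinder(HTMLParser):
    """Collects policies delivered through <meta http-equiv="Content-Security-Policy">."""
    def __init__(self):
        super().__init__()
        self.policies = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.policies.append(a.get("content", ""))

def audit(raw_response: str) -> dict:
    """Report missing headers and whether CSP is present only in the HTML body."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, _, header_block = head.partition("\r\n")
    # email.parser gives case-insensitive header lookup, as HTTP requires.
    headers = Parser().parsestr(header_block, headersonly=True)
    missing = [h for h in REQUIRED if not (headers.get(h) or "").strip()]
    finder = MetaCSPFinder()
    finder.feed(body)
    # A meta-delivered policy cannot carry frame-ancestors, so it does not
    # replace the response header for clickjacking protection.
    meta_only = bool(finder.policies) and "Content-Security-Policy" in missing
    return {"missing": missing, "meta_csp_only": meta_only,
            "meta_policies": finder.policies}

# Constructed sample responses (not captured from the product).
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<html><head><meta http-equiv=\"Content-Security-Policy\" "
        "content=\"default-src 'self'\"></head><body></body></html>")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "content-security-policy: default-src 'self'; frame-ancestors 'none'\r\n"
            "Referrer-Policy: no-referrer\r\n"
            "Permissions-Policy: geolocation=(), camera=()\r\n"
            "Cross-Origin-Embedder-Policy: require-corp\r\n"
            "Cross-Origin-Opener-Policy: same-origin\r\n"
            "Cross-Origin-Resource-Policy: same-origin\r\n\r\n<html></html>")

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(resp))
```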