Unknown · OpenBlow Whistleblowing Platform · CVE-2025-34114
**Name of the Vulnerable Software and Affected Versions**
OpenBlow whistleblowing platform (affected versions not specified)
**Description**
A client-side security misconfiguration exists due to the absence of critical HTTP response headers, including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Enforcement of Content Security Policy (CSP) via HTML `<meta>` tags is ineffective, as modern browsers prioritize header-based enforcement.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.