Vulnerability in Digitalpa S.r.l. Legality Whistleblowing
CVE-2025-34413
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-…
EPSS: 0.004 (29.3th percentile) — read the EPSS interpretation.
Affected products
- Digitalpa S.r.l. Legality Whistleblowing — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)