CNNVD-202512-1227 Information

Dec 09, 2025 cve

CNNVD ID

CNNVD-202512-1227

CVE-2025-34413

  • CNNVD Published: 2025-12-09

Description (Chinese)

DigitalPA Legality WHISTLEBLOWING是意大利DigitalPA公司的一个用于管理举报的软件系统。 DigitalPA Legality WHISTLEBLOWING存在安全漏洞,该漏洞源于缺少关键HTTP安全头,可能导致跨站脚本和点击劫持攻击。

Description (English)

DigitalPA Legality WHISTLEBLOWING is a software system used by Italian company DigitalPA to manage reporting. There is a security loophole in DigitalPA Legality WHISTLEBLOING, which stems from the lack of a key HTTP security head, which could lead to cross-site scripts and hijacking attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

DigitalPA

Published

2025-12-09

Last Modified

2026-02-24

References

https://seclists.org/fulldisclosure/2025/Dec/0 https://www.digitalpa.net/en/whistleblowing-software-features/ https://www.vulncheck.com/advisories/legality-whisteblowing-missing-critical-

Share on: