Home > Vulnerability Database > CVE-2024-55888

Mend.io Vulnerability Database

CVE-2024-55888

Date: December 12, 2024

Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.

Language: Python

Severity Score

7.1

Related Resources (3)

Url: https://github.com/scidsg/hushline/security/advisories/GHSA-m592-g8qv-hrqx

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-55888

Url: https://www.mend.io/vulnerability-database/CVE-2024-55888

Severity Score

7.1

Weakness Type (CWE)

Improper Restriction of Rendered UI Layers or Frames

CWE-1021

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-55888

Date: December 12, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?