Posted by Aerith Gainsborough via Fulldisclosure on Dec 01
Advisory ID: LEGALITYWHISTLEBLOWING-2025-001
Title: Missing Critical Security Headers in Legality WHISTLEBLOWING
Date: 2025-11-29
Vendor: DigitalPA (segnalazioni.net)
Severity: High
CVSS v3.1 Base Score: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary:
Multiple public deployments of Legality WHISTLEBLOWING by DigitalPA
are missing essential HTTP security headers.
This misconfiguration exposes users to client-side attacks…
– Read More – Full Disclosure
