High severity7.1NVD Advisory· Published Dec 12, 2024· Updated Apr 15, 2026

CVE-2024-55888

Description

Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue.

Patches

147de7297bf1

https://github.com/scidsg/hushlinevia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/scidsg/hushline/security/advisories/GHSA-m592-g8qv-hrqxnvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000