VYPR
Vendor

Scidsg

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2024-38521HigJun 28, 2024
    risk 0.57cvss 8.8epss 0.00

    Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.

  • CVE-2024-38523HigJun 27, 2024
    risk 0.42cvss 7.5epss 0.01

    Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS…

  • CVE-2024-55888HigDec 12, 2024
    risk 0.39cvss 7.1epss 0.00

    Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of…

  • CVE-2024-38522MedJun 28, 2024
    risk 0.00cvss 6.3epss 0.00

    Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.