GHSA-7ww3-xvf5-cxwm: Missing Defense-in-Depth HTTP Headers in ciguard Web UI

DEV Community·CVE Reports·27 days ago

Vulnerability ID: GHSA-7WW3-XVF5-CXWM
CVSS Score: 4.3
Published: 2026-05-05

The ciguard Web UI (versions prior to 0.8.2) lacks essential HTTP security headers. This absence exposes the application to client-side attacks, including Clickjacking, potential Cross-Site Scripting (XSS) via lack of Content-Security-Policy (CSP), and supply-chain risks due to missing Sub-Resource Integrity (SRI) checks on external CDN assets.

TL;DR

ciguard < 0.8.2 is missing critical security headers like CSP and X-Frame-Options, allowing clickjacking and CDN-based attacks. The vulnerability was patched in version 0.8.2 by implementing custom security middleware.…
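A defender-side check for the three gaps the advisory names (no CSP, no framing restriction, CDN assets loaded without SRI), as an added example that is not ciguard's code or its 0.8.2 middleware. The function and class names are hypothetical, and the host names, header values and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ExternalAssets(HTMLParser):
    """Collect scripts/stylesheets served from another host with no integrity attribute."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.missing_sri = page_host, []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "script":
            url = a.get("src", "")
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            url = a.get("href", "")
        else:
            return
        host = urlparse(url).netloc  # empty for same-origin relative URLs
        if host and host != self.page_host and not a.get("integrity"):
            self.missing_sri.append(url)


def audit_response(headers, html, page_host):
    """Return findings for one HTTP response; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    directives = [d.split()[0].lower() for d in csp.split(";") if d.strip()]
    if "x-frame-options" not in h and "frame-ancestors" not in directives:
        findings.append("framing not restricted")
    parser = ExternalAssets(page_host)
    parser.feed(html)
    return findings + [f"external asset without SRI: {u}" for u in parser.missing_sri]


# Constructed samples: a response with none of the protections, and a hardened one.
BEFORE_HEADERS = {"Content-Type": "text/html"}
BEFORE_HTML = ('<link rel="stylesheet" href="https://cdn.example/ui.css">'
               '<script src="https://cdn.example/ui.js"></script>'
               '<script src="/static/app.js"></script>')
AFTER_HEADERS = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                 "X-Frame-Options": "DENY"}
AFTER_HTML = ('<script src="https://cdn.example/ui.js" crossorigin="anonymous"'
              ' integrity="sha384-PLACEHOLDER"></script>')

if __name__ == "__main__":
    print(audit_response(BEFORE_HEADERS, BEFORE_HTML, "ciguard.example"))
```

The check only confirms that an `integrity` attribute is present; it does not verify that the digest matches the asset.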
