CISA’s Secure-Software Buying Tool Had a Simple XSS Vulnerability of Its Own

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

A Cybersecurity and Infrastructure Security Agency tool dedicated to helping government agencies buy secure software turned out to have a cybersecurity vulnerability of its own. Jeff Williams, the former leader of the Open Worldwide Application Security Project (OWASP), told CyberScoop that he discovered a cross-site scripting vulnerability in CISA’s “Software Acquisition Guide: Supplier Response Web Tool” and reported it to CISA in September, b…

CISA’s Secure-software Buying Tool Had A Simple XSS Vulnerability Of Its Own - Cybernoz - Cybersecurity News

Open the article to view the coverage from cybernoz.com