Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Software Acquisition Guide Supplier Response Web Tool XSS
Vulnerability Description
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CISA Software Acquisition Guide Supplier Response Web Tool 安全漏洞
Vulnerability Description
CISA Software Acquisition Guide Supplier Response Web Tool是美国CISA组织的一个交互式Web工具。 CISA Software Acquisition Guide Supplier Response Web Tool 2025-12-11之前版本存在安全漏洞,该漏洞源于文本字段存在跨站脚本漏洞,可能导致执行恶意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A