CNNVD-202512-2273 Information
CNNVD ID
CNNVD-202512-2273
Related CVE
- CNNVD Published: 2025-12-12
Description (Chinese)
CISA Software Acquisition Guide Supplier Response Web Tool是美国CISA组织的一个交互式Web工具。 CISA Software Acquisition Guide Supplier Response Web Tool 2025-12-11之前版本存在安全漏洞,该漏洞源于文本字段存在跨站脚本漏洞,可能导致执行恶意JavaScript。
Description (English)
CISA Software Action Guide Suppleier Reponse Web Tool is an interactive Web tool organized by the United States CISA. There was a security loophole in the pre-cissA Software Action Guide Supplier Reponse Web Tool 2025-12-11 version, which stemmed from the cross-site script gap in the text field, which could lead to the implementation of malicious JavaScript.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
网络安全与基础设施安全局
Published
2025-12-12
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-345-01.json https://www.cisa.gov/software-acquisition-guide/tool https://www.cve.org/CVERecord?id=CVE-2025-67634
Patch
https://www.cisa.gov/software-acquisition-guide/tool
Share on: