PT-2025-50979 · Cisa · Cisa Software Acquisition Guide Supplier Response Web Tool

Published: 2025-12-12 · Updated: 2026-01-02 · CVE-2025-67634

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: CISA Software Acquisition Guide Supplier Response Web Tool versions prior to 2025-12-11

Description: The CISA Software Acquisition Guide Supplier Response Web Tool was susceptible to cross-site scripting through text fields. An attacker could potentially execute JavaScript code within a user's browser by convincing them to import a specially crafted JSON file. The JavaScript would execute when the user submits the page.

Recommendations: Update the CISA Software Acquisition Guide Supplier Response Web Tool to version 2025-12-11 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-67634

Affected Products: Cisa Software Acquisition Guide Supplier Response Web Tool