Cybersecurity Researcher Discovers XSS Vulnerability in CISA's Secure Software Buying Tool

A cybersecurity researcher identified an XSS (Cross-Site Scripting) vulnerability in a tool developed by the Cybersecurity and Infrastructure Security Agency (CISA) for purchasing secure software. The flaw was reported to the agency in September 2023 and patched in December 2023. No malicious exploitation or concrete impact is mentioned in the article. The report comes from Contrast Security, without additional technical details about the vulnerability.