Today, CISA and the FBI issued another Secure by Design Alert, this time focused on Eliminating Cross-Site Scripting (XSS) Vulnerabilities. This is part of an ongoing initiative to significantly reduce the prevalence of various vulnerability classes. While XSS vulnerabilities are preventable and should not be present in new software products, they are still being discovered, offering opportunities for exploitation by threat actors.
This acts as a reminder for all organizations implementing new software, including utilities, that XSS vulnerabilities persist.
CISA urges technology manufacturers to instruct their technical teams to review previous occurrences of these vulnerabilities and develop strategic plans to prevent them in the future. Visit CISA’s Secure by Design webpage for more information and access the full alert at CISA.