The US cybersecurity agency CISA and the FBI have issued a Secure by Design alert on the prevalence of cross-site scripting (XSS) vulnerabilities. XSS flaws exist because user input is not properly validated, sanitized, or escaped, which allows threat actors to inject malicious scripts into web applications, leading to data manipulation, theft, or misuse. The two agencies have urged organizations to eliminate them from their products by taking ownership of customer security outcomes, embracing radical transparency and accountability, and building organizational structure and leadership to achieve these goals.

Read more: https://www.securityweek.com/cisa-fbi-urge-organizations-to-eliminate-xss-vulnerabilities/