Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.
Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.
“Why are unreliable third parties creating the software that guards our national secrets?"
One of the vulnerabilities was in the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.
Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.