Cross-site scripting vulnerabilities were found on the NSA's forward facing web server due to "shoddily outsourced third party" Coldfusion software, researchers say.
Rustle Research researcher Horace Grant said the since patched flaws could allow attackers to impersonate NSA personnel and web traffic.
“Why are unreliable third parties creating the software that guards our national secrets?"
One of the vulnerabilities was in the careers section on the site while the other XSS bug was found in the ‘Mail to a Friend' notice.
Cross Site Scripting attacks were the most common attack type in Q3 of 2012 according to research by FireHost.
_(37).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Melbourne Cloud & Datacenter Convention 2026
_(1).jpg&h=140&w=231&c=1&s=0)
