VYPR

Software Acquisition Guide Tool

by Cisagov

CVEs (1)

  • CVE-2025-67634Dec 12, 2025
    risk 0.00cvss epss 0.00

    The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The…