CVE-2025-67634

CVE-2025-67634 concerns the CISA Software Acquisition Guide Supplier Response Web Tool prior to 2025-12-11, which is affected by cross-site scripting via text fields when a user imports a crafted JSON file. The JavaScript could load into the page and execute in the user’s browser upon submission ...