Comment: MITRE Top 25 - XSS most critical software flaw of the year
November 2024 by Sylvain Cortes, VP Strategy at Hackuity
Cross-site scripting has been identified as the most critical software flaw of the past year, according to a recent report from MITRE (https://cwe.mitre.org/top25/). The nonprofit’s latest Top 25 Most Dangerous Software Weaknesses ranking was published on November 20. It covers the most critical flaws listed in the Common Weakness Enumeration (CWE) catalogue between June 2023 and June 2024. Sylvain Cortes, VP Strategy at Hackuity, comments:
“For more than twenty years, XSS vulnerabilities have posed a significant threat to the security of web applications, and they’re still around, and coming out top on MITRE’s Top 25 Most Critical Software Flaws of this year.
They have the potential to allow for some serious damage - think MOVEit Transfer last year.
When exploited, cross-site scripting flaws enable an attacker to take over your device or execute data manipulation or theft through malicious code injected into web applications.
I recommend organisations follow CISA’s Secure by Design framework as guidance to strengthen their modern web frameworks and protect them from such threats.”