MITRE has named cross-site scripting as the most threatening software vulnerability for the second year in a row, according to SecurityWeek.SQL injection and cross-site request forgery rose one position from last year to place second and third, respectively, followed by missing authorization and out-of-bounds write, which ranked third last year, noted the updated Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses list. Rounding out the top 10 were path traversal, use-after-free, code injection, out-of-bounds read, and OS command injection.Newly added to this year's list are half a dozen entries, including three types of buffer overflows, authorization bypass via user-controlled key, improper access control, and resource allocation without limits or throttling. Meanwhile, multiple weaknesses, such as improper privilege management, use of hardcoded credentials, and integer overflow, have exited the list.Such a list was noted by the Cybersecurity and Infrastructure Security Agency to curb vulnerabilities, while increasing customer trust, cost efficiency, and awareness.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




