Vulnerability Management

XSS remains as top MITRE software weakness

MITRE sign at its headquarters at Bedford Campus in Bedford, MA, USA. The Mitre Corporation is an American not-for-profit organization.

MITRE has named cross-site scripting as the most threatening software vulnerability for the second year in a row, according to SecurityWeek.

SQL injection and cross-site request forgery rose one position from last year to place second and third, respectively, followed by missing authorization and out-of-bounds write, which ranked third last year, noted the updated Common Weakness Enumeration Top 25 Most Dangerous Software Weaknesses list. Rounding out the top 10 were path traversal, use-after-free, code injection, out-of-bounds read, and OS command injection.

Newly added to this year's list are half a dozen entries, including three types of buffer overflows, authorization bypass via user-controlled key, improper access control, and resource allocation without limits or throttling. Meanwhile, multiple weaknesses, such as improper privilege management, use of hardcoded credentials, and integer overflow, have exited the list.

Such a list was noted by the Cybersecurity and Infrastructure Security Agency to curb vulnerabilities, while increasing customer trust, cost efficiency, and awareness.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds