AI Score
Confidence
High
EPSS
Percentile
46.8%
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.
blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed
portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover