This is part 2 of a series of blog posts looking at the security of the UK Government’s web infrastructure.
Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from the XSS. This is not the case.
Don’t Press This Button
Pressing this button will send a POST request to the Department of Education’s EduBase website.