Another GOV.UK XSS Flaw
Her Majesty’s Inspectorate of Constabulary (HMIC) are the police who police the police.
As the police policers, you'd expect their website to be copper-bottomed, and that they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves.
Yeah, yeah, these puns are unbearable.
Fine. Whatever.

Amusing photo by kind permission of the inimitable Paul Clarke.
As I was responsibly disclosing the flaw, the HMIC team were busy moving to a shiny new website which is mercifully free of the problem.
If you're running a website - especially a Government one - please take the time to understand the risks involved.
It only remains for me to ask the eternal question: quis custodiet ipsos custodes custos telam?
Evenin' all.
Read more about "The Unsecured State", a series of blog posts examining security mishaps of UK Government websites.