Another GOV.UK XSS Flaw

by @edent

Her Majesty’s Inspectorate of Constabulary (HMIC) are the police who police the police.

As the Police policers you'd expect their website to be copper-bottomed. That they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves.

Yeah, yeah, these puns are unbearable.

Fine. Whatever.

Amusing photo by kind permission of the inimitable Paul Clarke.

As I was responsibly disclosing the flaw, the HMIC team were busy moving to a shiny new website which is mercifully free of the problem.

If you're running a website - especially a Government one - please take the time to understand the risks involved.

It only remains for me to ask the eternal question: quis custodiet ipsos custodes custos telam?

Evenin' all.


Read more about "The Unsecured State", a series of blog posts examining security mishaps of UK Government websites.
