Another GOV.UK XSS Flaw

Her Majesty’s Inspectorate of Constabulary (HMIC) are the police who police the police.

As the Police policers you'd expect their website to be copper-bottomed. That they would detect anything amiss when inspecting their thin blue links. Mind you, some web developers are a law unto themselves.

Yeah, yeah, these puns are unbearable.

Fine. Whatever.

Amusing photo by kind permission of the inimitable Paul Clarke.

As I was responsibly disclosing the flaw, the HMIC team were busy moving to a shiny new website which is mercifully free of the problem.

If you're running a website - especially a Government one - please take the time to understand the risks involved.

It only remains for me to ask the eternal question: quis custodiet ipsos custodes custos telam?

Evenin' all.

Read more about "The Unsecured State", a series of blog posts examining security mishaps of UK Government websites.
