The Unsecured State Part 2 - EduBase XSS (Disclosed & Fixed)

by @edent | # # # # | 6 comments | Read ~1,377 times.

This is part 2 of a series of blog posts looking at the security of the UK Government's web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST they will be immune from the XSS. This is not the… Continue reading →