The Unsecured State Part 2 – EduBase XSS (Disclosed & Fixed)

by @edent | 6 comments | Read ~1,421 times.

This is part 2 of a series of blog posts looking at the security of the UK Government’s web infrastructure. Many XSS flaws rely on altering the GET parameters of a request. Some webmasters seem to think that if their forms only use POST, they will be immune to XSS. This is not the…


The Unsecured State Part 1 – UK Parliament XSS Flaw (Disclosed & Fixed)

by @edent | 5 comments | Read ~1,603 times.

This is part 1 of a series of blog posts looking at the security of the UK Government’s web infrastructure. The UK Parliament website is pretty great. It houses a huge amount of historical information, lets people easily see what’s happening in the Commons and the Lords, and is run by some really clever people.…
