A BBC page has been detected as being at risk to cross site scripting (XSS).
ProCheckUp has published a vulnerability showing that the Betsie (BBC education text to speech internet enhancer) page is vulnerable to XSS with the ability to inject malicious characters into the requested path. Additionally, Betsie discloses the webroot when the parser.pl program is called without any parameters.
The system is designed to give people with disabilities easier access to the internet by converting web pages into graphic-free, text-only versions used by text-to-speech systems.
ProCheckUp claimed that an attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link to a Betsie site and such code would run within the context of the target domain.
Rolando Fuentes, security consultant at ProCheckUp, claimed that this type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (such as session IDs) to unauthorised third parties.
“It's disappointing to find common threats such as these targeted at systems designed to support people with disabilities ,” said Fuentes.
See original article on scmagazineuk.com
Disability site vulnerable to XSS attack
Betsie under threat.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Partner Content
Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility
Partner Content
What Embracing the AI Platform Shift Really Means
Partner Content
ElasticON Sydney 2025: Deriving value from your data with Search AI
Partner Content
Transforming Australian Insurance Operations, Customer Service and Fraud Detection with AI and ML
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
