Disability site vulnerable to XSS attack

By
Follow google news

Betsie under threat.

A BBC page has been detected as being at risk to cross site scripting (XSS).

ProCheckUp has published a vulnerability showing that the Betsie (BBC education text to speech internet enhancer) page is vulnerable to XSS with the ability to inject malicious characters into the requested path. Additionally, Betsie discloses the webroot when the parser.pl program is called without any parameters.

The system is designed to give people with disabilities easier access to the internet by converting web pages into graphic-free, text-only versions used by text-to-speech systems.

ProCheckUp claimed that an attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link to a Betsie site and such code would run within the context of the target domain.

Rolando Fuentes, security consultant at ProCheckUp, claimed that this type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (such as session IDs) to unauthorised third parties.

“It's disappointing to find common threats such as these targeted at systems designed to support people with disabilities ,” said Fuentes.

See original article on scmagazineuk.com


Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
attackbbccrossdisabilityscriptingsecuritysitevulnerablexss

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Poor WA gov M365 security led to $71k theft and children's data breached

Poor WA gov M365 security led to $71k theft and children's data breached
Health and Aged Care CISO retires

Health and Aged Care CISO retires
US medical device maker Stryker's Microsoft environment attacked

US medical device maker Stryker's Microsoft environment attacked
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?