XSS Vulnerabilities Happen To Everybody

Cross-site scripting flaw found in UK's Cybersecurity Challenge site
You would think that of all people, the developers of the U.K.'s Cybersecurity Challenge website would be the most scrupulous about finding security vulnerabilities before they happen. But according to researchers, cross-site scripting (XSS) flaws happen to them, too.

According to a report on the Netcraft security site, an XSS vulnerability was uncovered on the Cyber Security Challenge UK website -- before the site had even been made ready for candidates to register.

The Cybersecurity Challenge was established by a management consortium of key figures in cybersecurity, and is designed to test the mettle of security professionals.

The simple coding error was demonstrated by James Wheare, according to the report. Wheare told Netcraft that he was prompted to look for the hole after reading a friend's tweet, and that he noticed insufficient encoding in the page's tags.

Netcraft says it has informed the Cybersecurity Challenge about the flaw.
