Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Mark A. Rowe (PenTest) (mark.rowepentest-limited.com)
Date: Mon Jul 01 2002 - 02:42:28 CDT
XSS bug in Betsie
Announcement date: 1st July 2002
Vulnerable versions: 1.5.11 and all versions before
Vulnerability Type : Input Validation Error
Vendor-Status: informed, new version available
A Cross-site Scripting vulnerability exists in the Betsie application.
The developer has been notified and a fixed version has been released.
Betsie stands for BBC Education Text to Speech Internet Enhancer, and is
a simple Perl script which is intended to alleviate some of the problems
experienced by people using text to speech systems for web browsing.
The Betsie perl script does not adequately validate and filter URL
input making it vulnerable to Cross-site Scripting attacks.
Cross-site Scripting example: