Where: https://retire.insecurity.today/#!/scan/bdc2399622a0f523b9a2796dc8f5d9be6b14c3159d0c1ec38906cfa983fc4682
See error in code:
-home.bt.com/etc.clientlibs/clientlibs/granite/jquery.min.js
41 sources and 18 sinks found in: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fhome.bt.com%2Fetc.clientlibs%2Fclientlibs%2Fgranite%2Fjquery.min.js
status: saved 113230 bytes 48b04ed0c0b60d52b03bb9e6bf18b02d7a40ec89
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined variable cI
file: 48b04ed0c0b60d52b03bb9e6bf18b02d7a40ec89: 113230 bytes
Why? $.parseHTML has (lots) of XSS issues and can’t be labeled as secure in its current implementation.
polonus (volunteer website security analyst and website error-hunter)