Industry Newsllmchatboteurostarweb security
Eurostar Chatbot Exposes Conversation Injection Vulnerability
|
7.0
Security researcher Ross Donald reported a vulnerability in the Eurostar website chatbot that allows conversation-injection via the API. The JavaScript client sent the entire conversation to the LLM backend while guardrails were applied only to the latest message, enabling injected payloads and HTML/JavaScript in responses. Although Donald could not access other customers' data, the flaw demonstrates a practical risk requiring full-context validation.
Scoring Rationale
Actionable, widely applicable vulnerability affecting web chatbots + limited by single-source disclosure and no customer data breach
Practice with real Logistics & Shipping data
90 SQL & Python problems · 15 industry datasets
Used by DS/ML engineers at top companies
High-Value Overnight OrdersEasyDelivered International ShipmentsMediumOn-Time Delivery Rate by CarrierHard
250 free problems · No credit card
See all Logistics & Shipping problems
