Eurostar Chatbot Exposes Prompt Injection and XSS
Pen Test Partners researchers reported four vulnerabilities in Eurostar's public AI chatbot in a blog post published this week, finding prompt-injection and HTML-injection flaws that could expose system prompts and enable XSS or phishing. Eurostar eventually patched some issues after delayed disclosure handling and allegedly accused the researchers of "blackmail" during follow-up. The flaws highlight the risk posed by chatbots that forward the full conversation history to the model without verifying earlier messages.
Key Points
- Finds four vulnerabilities enabling prompt injection and HTML injection leading to system-prompt leakage
- Shows a guardrail design flaw: only the latest message is safety-checked, allowing earlier messages to be tampered with
- Creates plausible stored XSS and phishing risks; practitioners must verify history, IDs, and encode HTML
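The design flaw in the second key point, and the mitigations named in the third, are shown below as an added example (this is not Pen Test Partners' or Eurostar's code). The handler names, the conversation payload shape, the `is_safe_message` stand-in for a content filter and `fake_model` are all constructed for illustration. The vulnerable handler trusts the client-supplied history and checks only the latest message; the hardened handler binds the transcript to the conversation ID with an HMAC the server issued on the previous turn, rejects any history it did not sign, and HTML-encodes model output before it can reach a browser.

```python
import hashlib
import hmac
import html
import secrets

# Constructed per-process secret for the example; a real deployment keeps this in a secret store.
SERVER_KEY = secrets.token_bytes(32)


def _canonical(history):
    """Unambiguous encoding of the transcript so the MAC covers every role and content field."""
    return "\n".join(f"{m['role']}\x00{m['content']}" for m in history).encode()


def sign_history(conversation_id, history):
    """Return a MAC binding the conversation ID to the exact prior transcript."""
    msg = conversation_id.encode() + b"\x00" + _canonical(history)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def is_safe_message(text):
    """Stand-in guardrail (hypothetical): a real deployment would call its content filter here."""
    return "ignore previous instructions" not in text.lower()


def fake_model(full_prompt):
    """Stand-in for the LLM call (hypothetical): echoes the latest user message."""
    return "You said: " + full_prompt[-1]["content"]


def handle_turn_vulnerable(payload):
    """Mirrors the flaw described on the page: trust the client's history, check only the latest message."""
    history = payload["history"]
    latest = payload["message"]
    if not is_safe_message(latest):
        return {"error": "blocked"}
    # Earlier messages are forwarded to the model unchecked, so injected instructions ride along.
    return {"prompt": history + [{"role": "user", "content": latest}]}


def handle_turn_hardened(payload):
    """Verify the transcript and its conversation ID, then check the latest message, then escape output."""
    history = payload["history"]
    conv_id = payload["conversation_id"]
    expected = sign_history(conv_id, history)
    # Constant-time comparison against the MAC issued on the previous turn.
    if not hmac.compare_digest(expected, payload.get("history_mac", "")):
        return {"error": "history tampered or not issued for this conversation"}
    latest = payload["message"]
    if not is_safe_message(latest):
        return {"error": "blocked"}
    full = history + [{"role": "user", "content": latest}]
    reply = fake_model(full)
    new_history = full + [{"role": "assistant", "content": reply}]
    # HTML-encode model output so any injected markup renders as text, not as elements.
    return {
        "reply_html": html.escape(reply),
        "history": new_history,
        "history_mac": sign_history(conv_id, new_history),
    }
```

A simpler alternative with the same effect is to keep the transcript server-side keyed by conversation ID and accept only the new message from the client; the MAC variant is shown because it keeps the stateless client-forwards-history pattern the page describes while making tampering detectable.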
Scoring Rationale
Practical, verified vulnerability research with high credibility, but limited to a single company's chatbot and partially patched.
Sources
Public references used for this report.