bc3-zap-report-2024-12-27

Alerts

1. Risk=Medium, Confidence=High (3)

   1. https://bc3.edu (3)

      1. CSP: Wildcard Directive (1)

         1. GET https://bc3.edu/_showcase/faculty/tabitha-addison.html

            Alert tags	OWASP_2021_A05 OWASP_2017_A06
            Alert description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
            Other info	The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: script-src, style-src, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, form-action The directive(s): form-action are among the directives that do not fallback to default-src, missing/excluding them is the same as allowing anything.
            Request	Request line and header section (345 bytes) GET https://bc3.edu/_showcase/faculty/tabitha-addison.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (500 bytes) HTTP/1.1 404 Not Found Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (196 bytes) <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>
            Parameter	Content-Security-Policy
            Evidence	default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com;
            Solution	Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

      2. CSP: script-src unsafe-inline (1)

         1. GET https://bc3.edu/_showcase/faculty/tabitha-addison.html

            Alert tags	OWASP_2021_A05 OWASP_2017_A06
            Alert description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
            Other info	script-src includes unsafe-inline.
            Request	Request line and header section (345 bytes) GET https://bc3.edu/_showcase/faculty/tabitha-addison.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (500 bytes) HTTP/1.1 404 Not Found Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (196 bytes) <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>
            Parameter	Content-Security-Policy
            Evidence	default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com;
            Solution	Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

      3. CSP: style-src unsafe-inline (1)

         1. GET https://bc3.edu/_showcase/faculty/tabitha-addison.html

            Alert tags	OWASP_2021_A05 OWASP_2017_A06
            Alert description	Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
            Other info	style-src includes unsafe-inline.
            Request	Request line and header section (345 bytes) GET https://bc3.edu/_showcase/faculty/tabitha-addison.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (500 bytes) HTTP/1.1 404 Not Found Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 196 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (196 bytes) <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL was not found on this server.</p> </body></html>
            Parameter	Content-Security-Policy
            Evidence	default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com;
            Solution	Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

2. Risk=Medium, Confidence=Medium (1)

   1. https://bc3.edu (1)

      1. Cross-Domain Misconfiguration (1)

         1. GET https://bc3.edu/_resources/css/dataTables.bootstrap5.css

            Alert tags	OWASP_2021_A01 OWASP_2017_A05
            Alert description	Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
            Other info	The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
            Request	Request line and header section (356 bytes) GET https://bc3.edu/_resources/css/dataTables.bootstrap5.css HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/_showcase/index.html Request body (0 bytes)
            Response	Status line and header section (641 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/css; charset=utf-8 Content-Length: 13549 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Last-Modified: Mon, 18 Nov 2024 19:52:56 GMT ETag: "34ed-62735434b8688" Accept-Ranges: bytes Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (13549 bytes) @charset "UTF-8"; table.dataTable td.dt-control { text-align: center; cursor: pointer; } table.dataTable td.dt-control:before { height: 1em; width: 1em; margin-top: -9px; display: inline-block; color: white; border: 0.15em solid white; border-radius: 1em; box-shadow: 0 0 0.2em #444; box-sizing: content-box; text-align: center; text-indent: 0 !important; font-family: "Courier New", Courier, monospace; line-height: 1em; content: "+"; background-color: #31b131; } table.dataTable tr.dt-hasChild td.dt-control:before { content: "-"; background-color: #d33333; } table.dataTable thead > tr > th.sorting span, table.dataTable thead > tr > th.sorting_asc span, table.dataTable thead > tr > th.sorting_desc span, table.dataTable thead > tr > th.sorting_asc_disabled span, table.dataTable thead > tr > th.sorting_desc_disabled span, table.dataTable thead > tr > td.sorting span, table.dataTable thead > tr > td.sorting_asc span, table.dataTable thead > tr > td.sorting_desc span, table.dataTable thead > tr > td.sorting_asc_disabled span, table.dataTable thead > tr > td.sorting_desc_disabled span { cursor: pointer; position: relative; padding-right: 26px; } table.dataTable thead > tr > th.sorting span:before, table.dataTable thead > tr > th.sorting span:after, table.dataTable thead > tr > th.sorting_asc span:before, table.dataTable thead > tr > th.sorting_asc span:after, table.dataTable thead > tr > th.sorting_desc span:before, table.dataTable thead > tr > th.sorting_desc span:after, table.dataTable thead > tr > th.sorting_asc_disabled span:before, table.dataTable thead > tr > th.sorting_asc_disabled span:after, table.dataTable thead > tr > th.sorting_desc_disabled span:before, table.dataTable thead > tr > th.sorting_desc_disabled span:after, table.dataTable thead > tr > td.sorting span:before, table.dataTable thead > tr > td.sorting span:after, table.dataTable thead > tr > td.sorting_asc span:before, table.dataTable thead > tr > td.sorting_asc span:after, table.dataTable thead > tr > td.sorting_desc span:before, table.dataTable thead > tr > td.sorting_desc span:after, table.dataTable thead > tr > td.sorting_asc_disabled span:before, table.dataTable thead > tr > td.sorting_asc_disabled span:after, table.dataTable thead > tr > td.sorting_desc_disabled span:before, table.dataTable thead > tr > td.sorting_desc_disabled span:after { position: absolute; display: block; opacity: 0.125; right: 5px; line-height: 9px; font-size: 0.9em; } table.dataTable thead > tr > th.sorting span:before, table.dataTable thead > tr > th.sorting_asc span:before, table.dataTable thead > tr > th.sorting_desc span:before, table.dataTable thead > tr > th.sorting_asc_disabled span:before, table.dataTable thead > tr > th.sorting_desc_disabled span:before, table.dataTable thead > tr > td.sorting span:before, table.dataTable thead > tr > td.sorting_asc span:before, table.dataTable thead > tr > td.sorting_desc span:before, table.dataTable thead > tr > td.sorting_asc_disabled span:before, table.dataTable thead > tr > td.sorting_desc_disabled span:before { bottom: 54%; font-family: "Font Awesome 5 Free"; content: "\f0d8"; display: inline-block; margin-left: 0.5em; vertical-align: 0.5em; content: ""; border-top: 0.5em solid; border-right: 0.5em solid transparent; border-bottom: 0; border-left: 0.5em solid transparent; transform: rotate(180deg); } table.dataTable thead > tr > th.sorting span:after, table.dataTable thead > tr > th.sorting_asc span:after, table.dataTable thead > tr > th.sorting_desc span:after, table.dataTable thead > tr > th.sorting_asc_disabled span:after, table.dataTable thead > tr > th.sorting_desc_disabled span:after, table.dataTable thead > tr > td.sorting span:after, table.dataTable thead > tr > td.sorting_asc span:after, table.dataTable thead > tr > td.sorting_desc span:after, table.dataTable thead > tr > td.sorting_asc_disabled span:after, table.dataTable thead > tr > td.sorting_desc_disabled span:after { top: 56%; font-family: "Font Awesome 5 Free"; content: "\f0d7"; display: inline-block; margin-left: 0.5em; vertical-align: 0.5em; content: ""; border-top: 0.5em solid; border-right: 0.5em solid transparent; border-bottom: 0; border-left: 0.5em solid transparent; } table.dataTable thead > tr > th.sorting_asc span:before, table.dataTable thead > tr > th.sorting_desc span:after, table.dataTable thead > tr > td.sorting_asc span:before, table.dataTable thead > tr > td.sorting_desc span:after { opacity: 0.6; } table.dataTable thead > tr > th.sorting_desc_disabled span:after, table.dataTable thead > tr > th.sorting_asc_disabled span:before, table.dataTable thead > tr > td.sorting_desc_disabled span:after, table.dataTable thead > tr > td.sorting_asc_disabled span:before { display: none; } table.dataTable thead > tr > th:active, table.dataTable thead > tr > td:active { outline: none; } div.dataTables_scrollBody table.dataTable thead > tr > th:before, div.dataTables_scrollBody table.dataTable thead > tr > th:after, div.dataTables_scrollBody table.dataTable thead > tr > td:before, div.dataTables_scrollBody table.dataTable thead > tr > td:after { display: none; } div.dataTables_processing { position: absolute; top: 50%; left: 50%; width: 200px; margin-left: -100px; margin-top: -26px; text-align: center; padding: 2px; } div.dataTables_processing > div:last-child { position: relative; width: 80px; height: 15px; margin: 1em auto; } div.dataTables_processing > div:last-child > div { position: absolute; top: 0; width: 13px; height: 13px; border-radius: 50%; background: rgba(13, 110, 253, 0.9); animation-timing-function: cubic-bezier(0, 1, 1, 0); } div.dataTables_processing > div:last-child > div:nth-child(1) { left: 8px; animation: datatables-loader-1 0.6s infinite; } div.dataTables_processing > div:last-child > div:nth-child(2) { left: 8px; animation: datatables-loader-2 0.6s infinite; } div.dataTables_processing > div:last-child > div:nth-child(3) { left: 32px; animation: datatables-loader-2 0.6s infinite; } div.dataTables_processing > div:last-child > div:nth-child(4) { left: 56px; animation: datatables-loader-3 0.6s infinite; } @keyframes datatables-loader-1 { 0% { transform: scale(0); } 100% { transform: scale(1); } } @keyframes datatables-loader-3 { 0% { transform: scale(1); } 100% { transform: scale(0); } } @keyframes datatables-loader-2 { 0% { transform: translate(0, 0); } 100% { transform: translate(24px, 0); } } table.dataTable.nowrap th, table.dataTable.nowrap td { white-space: nowrap; } table.dataTable th.dt-left, table.dataTable td.dt-left { text-align: left; } table.dataTable th.dt-center, table.dataTable td.dt-center, table.dataTable td.dataTables_empty { text-align: center; } table.dataTable th.dt-right, table.dataTable td.dt-right { text-align: right; } table.dataTable th.dt-justify, table.dataTable td.dt-justify { text-align: justify; } table.dataTable th.dt-nowrap, table.dataTable td.dt-nowrap { white-space: nowrap; } table.dataTable thead th, table.dataTable thead td, table.dataTable tfoot th, table.dataTable tfoot td { text-align: left; } table.dataTable thead th.dt-head-left, table.dataTable thead td.dt-head-left, table.dataTable tfoot th.dt-head-left, table.dataTable tfoot td.dt-head-left { text-align: left; } table.dataTable thead th.dt-head-center, table.dataTable thead td.dt-head-center, table.dataTable tfoot th.dt-head-center, table.dataTable tfoot td.dt-head-center { text-align: center; } table.dataTable thead th.dt-head-right, table.dataTable thead td.dt-head-right, table.dataTable tfoot th.dt-head-right, table.dataTable tfoot td.dt-head-right { text-align: right; } table.dataTable thead th.dt-head-justify, table.dataTable thead td.dt-head-justify, table.dataTable tfoot th.dt-head-justify, table.dataTable tfoot td.dt-head-justify { text-align: justify; } table.dataTable thead th.dt-head-nowrap, table.dataTable thead td.dt-head-nowrap, table.dataTable tfoot th.dt-head-nowrap, table.dataTable tfoot td.dt-head-nowrap { white-space: nowrap; } table.dataTable tbody th.dt-body-left, table.dataTable tbody td.dt-body-left { text-align: left; } table.dataTable tbody th.dt-body-center, table.dataTable tbody td.dt-body-center { text-align: center; } table.dataTable tbody th.dt-body-right, table.dataTable tbody td.dt-body-right { text-align: right; } table.dataTable tbody th.dt-body-justify, table.dataTable tbody td.dt-body-justify { text-align: justify; } table.dataTable tbody th.dt-body-nowrap, table.dataTable tbody td.dt-body-nowrap { white-space: nowrap; } /*! Bootstrap 5 integration for DataTables * * ©2020 SpryMedia Ltd, all rights reserved. * License: MIT datatables.net/license/mit */ table.dataTable { clear: both; margin-top: 6px !important; margin-bottom: 6px !important; max-width: none !important; border-collapse: separate !important; border-spacing: 0; } table.dataTable td, table.dataTable th { -webkit-box-sizing: content-box; box-sizing: content-box; } table.dataTable td.dataTables_empty, table.dataTable th.dataTables_empty { text-align: center; } table.dataTable.nowrap th, table.dataTable.nowrap td { white-space: nowrap; } table.dataTable.table-striped > tbody > tr:nth-of-type(2n + 1) > * { box-shadow: none; } table.dataTable > tbody > tr { background-color: transparent; } table.dataTable > tbody > tr.selected > * { box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9); color: white; } table.dataTable.table-striped > tbody > tr.odd > * { box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05); } table.dataTable.table-striped > tbody > tr.odd.selected > * { box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.95); } table.dataTable.table-hover > tbody > tr:hover > * { box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.075); } table.dataTable.table-hover > tbody > tr.selected:hover > * { box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.975); } div.dataTables_wrapper div.dataTables_length label { font-weight: normal; text-align: left; white-space: nowrap; } div.dataTables_wrapper div.dataTables_length select { width: auto; display: inline-block; } div.dataTables_wrapper div.dataTables_filter { text-align: right; } div.dataTables_wrapper div.dataTables_filter label { font-weight: normal; white-space: nowrap; text-align: left; } div.dataTables_wrapper div.dataTables_filter input { margin-left: 0.5em; display: inline-block; width: auto; } div.dataTables_wrapper div.dataTables_info { padding-top: 0.85em; } div.dataTables_wrapper div.dataTables_paginate { margin: 0; white-space: nowrap; text-align: right; } div.dataTables_wrapper div.dataTables_paginate ul.pagination { margin: 2px 0; white-space: nowrap; justify-content: flex-end; } div.dataTables_scrollHead table.dataTable { margin-bottom: 0 !important; } div.dataTables_scrollBody > table { border-top: none; margin-top: 0 !important; margin-bottom: 0 !important; } div.dataTables_scrollBody > table > thead .sorting:before, div.dataTables_scrollBody > table > thead .sorting_asc:before, div.dataTables_scrollBody > table > thead .sorting_desc:before, div.dataTables_scrollBody > table > thead .sorting:after, div.dataTables_scrollBody > table > thead .sorting_asc:after, div.dataTables_scrollBody > table > thead .sorting_desc:after { display: none; } div.dataTables_scrollBody > table > tbody tr:first-child th, div.dataTables_scrollBody > table > tbody tr:first-child td { border-top: none; } div.dataTables_scrollFoot > .dataTables_scrollFootInner { box-sizing: content-box; } div.dataTables_scrollFoot > .dataTables_scrollFootInner > table { margin-top: 0 !important; border-top: none; } @media screen and (max-width: 767px) { div.dataTables_wrapper div.dataTables_length, div.dataTables_wrapper div.dataTables_filter, div.dataTables_wrapper div.dataTables_info, div.dataTables_wrapper div.dataTables_paginate { text-align: center; } div.dataTables_wrapper div.dataTables_paginate ul.pagination { justify-content: center !important; } } table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) { padding-right: 20px; } table.table-bordered.dataTable { border-right-width: 0; } table.table-bordered.dataTable thead tr:first-child th, table.table-bordered.dataTable thead tr:first-child td { border-top-width: 1px; } table.table-bordered.dataTable th, table.table-bordered.dataTable td { border-left-width: 0; } table.table-bordered.dataTable th:first-child, table.table-bordered.dataTable th:first-child, table.table-bordered.dataTable td:first-child, table.table-bordered.dataTable td:first-child { border-left-width: 1px; } table.table-bordered.dataTable th:last-child, table.table-bordered.dataTable th:last-child, table.table-bordered.dataTable td:last-child, table.table-bordered.dataTable td:last-child { border-right-width: 1px; } table.table-bordered.dataTable th, table.table-bordered.dataTable td { border-bottom-width: 1px; } div.dataTables_scrollHead table.table-bordered { border-bottom-width: 0; } div.table-responsive > div.dataTables_wrapper > div.row { margin: 0; } div.table-responsive > div.dataTables_wrapper > div.row > div[class^="col-"]:first-child { padding-left: 0; } div.table-responsive > div.dataTables_wrapper > div.row > div[class^="col-"]:last-child { padding-right: 0; }
            Evidence	Access-Control-Allow-Origin: *
            Solution	Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance). Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.

3. Risk=Medium, Confidence=Low (1)

   1. https://bc3.edu (1)

      1. Absence of Anti-CSRF Tokens (1)

         1. GET https://bc3.edu/_showcase/index.html

            Alert tags	OWASP_2021_A01 WSTG-v42-SESS-05 OWASP_2017_A05
            Alert description	No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf. CSRF attacks are effective in a number of situations, including: * The victim has an active session on the target site. * The victim is authenticated via HTTP auth on the target site. * The victim is on the same local network as the target site. CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
            Other info	No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "program-search" ].
            Request	Request line and header section (276 bytes) GET https://bc3.edu/_showcase/index.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache Request body (0 bytes)
            Response	Status line and header section (546 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains content-length: 36101 Response body (36101 bytes) <!DOCTYPE HTML><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Homepage</title> <link rel="canonical" href="https://bc3.edu/_showcase/index.html"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- this is the headcode include --> <!-- Google Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap" rel="stylesheet"> <!-- Bootstrap 5.3.3 CSS --> <link rel="stylesheet" href="/_resources/css/bootstrap.min.css"> <!-- Font Awescome CDN --> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.5.1/css/all.css"> <link rel="stylesheet" href="/_resources/css/totopstyle.css"> <link rel="stylesheet" href="/_resources/css/lightbox.css"> <link rel="stylesheet" href="/_resources/css/dataTables.bootstrap5.css"> <!-- Always load custom styles last --> <link rel="stylesheet" href="/_resources/css/styles.css"> <link rel="stylesheet" href="/_resources/css/main-header.css"> <link rel="stylesheet" href="/_resources/css/footer.css"> <link rel="stylesheet" href="/_resources/css/styles-responsive.css"> <link rel="stylesheet" href="/_resources/css/print.css" media="print"> <link rel="stylesheet" href="/_resources/css/oustyles.css" /> <ouc:editor wysiwyg="no"/> <!-- Insert google analytics here --> <meta name="dynamicContentTracking" data-modern-campus-p13n-account="8b3e8f08-c6f0-46ce-9c68-027c7341224b" data-dynamic-content='{"dynamicContent":[]}'> <script type="text/javascript" src="https://bc3.edu/cms-p13n.js"></script> <script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script> </head> <body><ouc:editor wysiwyg="no"/><header class="main-header L5-header" id="site-navigation"> <div class="top-nav d-none d-lg-block"> <div class="row"> <div class="col-4"> <div><a href="#mybc3" title="myBC3"><img src="/_resources/images/myBC3.png" alt="myAdmissions Icon"></a><a href="#myadmissions" title="myBC3"><img src="/_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a></div> </div> <div class="col-8 d-flex justify-content-end"> <div><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle top-nav-dropdown" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> <div class="search-container"> <div class="gcse-search"></div> </div> </div> </div> </div> </div> <nav class="navbar navbar-expand-lg" title="Main Navigation"> <div class="row"> <div class="col-8 col-lg-3"><a class="navbar-brand" href="/"><img src="/_resources/images/logo.png" alt="logo"></a></div> <div class="col-4 d-lg-none d-flex justify-content-end"><button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation"><span class="fa fa-bars"></span></button></div> <div class="col-12 mx-0 px-0 col-lg-9"> <div class="collapse navbar-collapse" id="navbarNavDropdown"> <div class="top-nav-mobile d-block d-lg-none"> <div class="search-container"> <div class="gcse-search"></div> </div><a href="#" title="myBC3"><img src="_resources/images/myBC3.png" alt="myBC3 Icon"></a><a href="#" title="myBC3"><img src="_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> </div> <div class="navbar-nav"> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Programs </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#program-finder" target="">Program Finder</a></li> <li><a class="dropdown-item" href="#academic-divisions" target="">Academic Divisions</a></li> <li><a class="dropdown-item" href="#accreditations" target="">Accreditations</a></li> <li><a class="dropdown-item" href="#high-school-programs" target="">High School Programs</a></li> <li><a class="dropdown-item" href="#virtual-programs" target="">Virtual Programs</a></li> <li><a class="dropdown-item" href="#ged-esl" target="">GED &amp; ESL</a></li> <li><a class="dropdown-item" href="#workforce-public-safety" target="">Workforce &amp; Public Safety</a></li> <li><a class="dropdown-item" href="#ged-esl-again" target="">GED &amp; ESL</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Admissions &amp; Aid </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog-again" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Pioneer Life </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Community </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Who We Are </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </nav> </header> <main class="content" id="main-content"> <div class="index-video"> <div class="index-video-bg" style="background-image: url('/_resources/images/placeholders/nav-3.jpg');"> <div class="video-caption"> <h1>Take the Next Step</h1> <p>Lorem ipsum dolor sit amet consectetur adipisicing elit. Quaerat, iure fugiat saepe labore et itaque id recusandae molestias quas nihil delectus est, nobis dolorum adipisci ea qui quisquam voluptate voluptatum.</p><a href="#1" class="btn btn-default">Start Application</a><a href="#2" class="btn btn-default">Schedule Visit</a></div><button type="button" class="play-pause" title="play/pause"><span class="fa fa-pause"></span><span class="sr-only">Pause Video</span></button><div data-bs-video="/_resources/images/placeholders/main-video.mp4" data-bs-type="video/mp4" data-bs-image="/_resources/images/placeholders/nav-3.jpg"><video id="myVideo" autoplay="" muted="" loop="" playsinline=""> <source src="/_resources/images/placeholders/main-video.mp4" type="video/mp4"></video></div> </div> </div> <div class="section bg-gray"> <div class="container"> <div class="row"> <div class="col-12 col-lg-10 offset-lg-1"> <div class="introductory-box text-center"> <h2>Find Your Program</h2> <div class="buttons-wrap"> <a href="/_showcase/programs/index.html?&amp;location=locationFilter_6" class="btn btn-default btn-highlight">Virtual Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_2" class="btn btn-default btn-highlight">Certificate Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_0,classificationFilter_1" class="btn btn-default btn-highlight">Degree Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_3" class="btn btn-default btn-highlight">Non-Credit Certificates</a> </div> <div class="program-search"> <form action="/search" method="get"> <label for="program-search" class="sr-only">Search Programs</label> <input id="program-search" type="text" name="search" placeholder="Search By Interest..."> <button type="submit" class="program-search-btn"> <span class="sr-only">Search</span> <span class="fa fa-search"></span> </button> </form> </div> </div> </div> </div> </div> </div> <div class="section section-with-background dark" style="background:linear-gradient(0deg, rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0.5)),no-repeat center center/cover url('/_resources/images/placeholders/bg.jpg');"> <div class="container"> <div class="row"> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-thumbs-up"></span> </div> <h2>150 Years</h2> <p>of Academic Excellence</p> </div> </a> </div> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-users"></span> </div> <h2>18.8</h2> <p>Average On-Campus Class Size</p> </div> </a> </div> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-home"></span> </div> <h2>200+</h2> <p>Scholarship Offerings</p> </div> </a> </div> </div> </div> </div> <div class="section campus-list"> <div class="container"> <div class="row"> <div class="col-12 text-center mb-4"> <h2>Explore our Campuses</h2> <p class="lead">Lorem ipsum dolor sit amet consectetur. Aliquet pretium amet lectus eget vitae neque duis vulputate tincidunt. Sit ut sed vel amet risus. Sit ut sed vel amet risus.</p> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Main Campus</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Armstrong</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Brockway</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Cranberry</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Lawrence Crossing</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>LindenPointe</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> </div> </div> </div> <div class="section bg-primary cta-box"> <div class="container"> <div class="row"> <div class="col-12 col-md-8 col-xl-10 mb-3 mb-lg-0"> <p class="fw-bold"> Apply to BC3 Today </p> <p class="h2"> Start your journey as a Pioneer! </p> </div> <div class="col-12 col-md-4 col-xl-2 d-flex align-items-center"> <a href="#" target="_self" class="btn btn-default btn-highlight"> <span class="font-size-sm">Visitors Guide</span> </a> </div> </div> </div> </div> <p> <div class="section"> <div class="container"> <div class="row"> <div class="col-12"> <div class="row"><div class="col-lg-6"> <div class="card"> <a href="/_showcase/blogs/article-2.html"> <div> <div class="card-img-top-small" style="background-image: url(/_resources/images/placeholders/slide-2.jpg);"> </div> </div> <div class="card-body"> <h3 class="news-card-title">Article 2</h3> <p class="news-card-date">January 29, 2024</p> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec in lobortis ante, sit amet vehicula neque. Nulla gravida lorem at urna iaculis semper. Nullam sit amet convallis lacus. Duis eu mauris ut libero ultricies fringilla ut id mauris. Phasellus...</p> </div> </a> </div></div><div class="col-lg-6"> <div class="card"> <a href="/_showcase/blogs/article-1.html"> <div> <div class="card-img-top-small" style="background-image: url(/_resources/images/placeholders/slide-2.jpg);"> </div> </div> <div class="card-body"> <h3 class="news-card-title">Article 1</h3> <p class="news-card-date">May 24, 2023</p> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec in lobortis ante, sit amet vehicula neque. Nulla gravida lorem at urna iaculis semper. Nullam sit amet convallis lacus. Duis eu mauris ut libero ultricies fringilla ut id mauris. Phasellus...</p> </div> </a> </div></div></div> <div class="news-events-footer"><a href="#news" target="_blank" class="news"> View All News <span class="fa fa-chevron-right"></span></a></div> </div> </div> </div> </div> <div class="section events-box"> <div class="container"> <div class="row"> <div class="col-12 col-lg-3 events-title-col d-flex align-items-center"> <div> <h2 class="text-black">Events</h2><a href="/_showcase/calendar.html" target="_blank"> View All <strong class="fa fa-chevron-right px-2"></strong></a></div> </div> <div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/10598a4f-3bc1-4317-9234-a7b7a9bb1309"> <span>Dec 31</span> <span>Test Event</span> <span>All Day</span> </a> </div> </div><div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/2f695886-9656-4ef3-9376-921f5f873781"> <span>Jan 9</span> <span>Test Event 2</span> <span>11:00 AM</span> </a> </div> </div><div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/523c76bf-d398-48ec-b7ab-68d7c5dd9671"> <span>Jan 22</span> <span>Test Event 3</span> <span>All Day</span> </a> </div> </div></div> </div> </div> </p> <div class="section"> <div class="container"> <div class="row"> <div class="col-12 text-center"> <p class="h2">Hear From Our Pioneers</p> </div> </div> </div> <div id="d21e437" class="carousel carousel-dark slide" data-bs-ride="carousel"> <div class="carousel-indicators"><button type="button" data-bs-target="#d21e437" data-bs-slide-to="0" class="active" aria-current="true" aria-label="Slide 1"></button><button type="button" data-bs-target="#d21e437" data-bs-slide-to="1" class="" aria-current="true" aria-label="Slide 2"></button><button type="button" data-bs-target="#d21e437" data-bs-slide-to="2" class="" aria-current="true" aria-label="Slide 3"></button></div> <div class="carousel-inner"> <div class="carousel-item testimonial-slide active"> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-3 col-lg-2"><img src="/_resources/images/placeholders/testimonial.jpg" alt=".//img/@alt" class="testimonial-img"></div> <div class="col-12 col-md-9 col-lg-10"> <div class="testimonial-info"> <div> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> <div class="carousel-item testimonial-slide "> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-10 offset-md-1"> <div class="testimonial-info"> <div> <p>Testimonial no image... consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> <div class="carousel-item testimonial-slide "> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-3 col-lg-2"><img src="/_resources/images/placeholders/testimonial.jpg" alt=".//img/@alt" class="testimonial-img"></div> <div class="col-12 col-md-9 col-lg-10"> <div class="testimonial-info"> <div> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> </div><button class="carousel-control-prev" type="button" data-bs-target="#d21e437" data-bs-slide="prev"><span class="carousel-control-prev-icon" aria-hidden="true"></span><span class="visually-hidden">Previous</span></button><button class="carousel-control-next" type="button" data-bs-target="#d21e437" data-bs-slide="next"><span class="carousel-control-next-icon" aria-hidden="true"></span><span class="visually-hidden">Next</span></button></div> </div> </main> <footer id="footer"><img src="/_resources/images/seal-white.png" alt="" class="footer-seal "><div class="container"> <div class="row"> <div class="col-lg-4"><a href="/"><img class="footer-logo" src="/_resources/images/logo-white.png" alt="logo"></a><div class="copyright"><span id="directedit">©</span> Butler County Community College is accredited by the Middle States Commission on Higher Education.</div> <ul class="footer-address"> <li class="location"><a href="https://www.google.com/"> 107 College Drive <br> Butler, PA 16002 </a></li> <li><a href="tel:7242878711">724-287-8711</a></li> </ul> <ul class="footer-social nav "> <li class="nav-item"><a href="#fb" class="social-icon"><span class="fa-brands fa-facebook"></span><span class="sr-only">Facebook</span></a></li> <li class="nav-item"><a href="#tw" class="social-icon"><span class="fa-brands fa-x-twitter"></span><span class="sr-only">Twitter</span></a></li> <li class="nav-item"><a href="#ig" class="social-icon"><span class="fa-brands fa-instagram"></span><span class="sr-only">Instagram</span></a></li> <li class="nav-item"><a href="#yt" class="social-icon"><span class="fa-brands fa-youtube"></span><span class="sr-only">YouTube</span></a></li> <li class="nav-item"><a href="#li" class="social-icon"><span class="fa-brands fa-linkedin"></span><span class="sr-only">LinkedIn</span></a></li> </ul> </div> <div class="col-lg-6 offset-lg-1"> <div class="row footer-nav justify-content-center"> <p class="h3 mb-4">Resources</p> <ul class="list-unstyled"> <li><a href="#directory" target="">Directory</a></li> <li><a href="#main-campus-map" target="">Main Campus Map</a></li> <li><a href="#job-openings" target="">Job Openings</a></li> <li><a href="#bc3-alerts" target="">BC3 Alerts</a></li> </ul> </div> </div> </div> </div> <div class="copyright text-center"> <div class="container"> <hr> <div class="row"> <div class="col-12"> <ul class="list-inline"> <li class="list-inline-item"><a href="#privacy-statement" target="">Privacy Statement</a></li> <li class="list-inline-item"><a href="#non-discrimination" target="">Non-Discrimination</a></li> <li class="list-inline-item"><a href="#accessibility" target="">Accessibility</a></li> <li class="list-inline-item"><a href="#equal-opportunity" target="">Equal Opportunity</a></li> <li class="list-inline-item"><a href="#legal-statements" target="">Legal Statements</a></li> </ul> </div> </div> </div> </div> </footer><button data-bs-target="#0" class="cd-top"><span class="sr-only">Back to Top</span></button> <script src="/_resources/js/jquery-3.7.1.min.js"></script> <script src="/_resources/js/bootstrap.bundle.min.js"></script> <script src="/_resources/js/lightbox.js"></script> <script src="/_resources/js/scripts.js"></script> <script src="/_resources/js/full-header.js"></script> <script src="/_resources/js/ou.js"></script> <script async src="https://cse.google.com/cse.js?cx=033f9f27f8d054a1d"> </script> <div id="ou-hidden" style="display:none;"><a id="de" rel="nofollow" href="https://a.cms.omniupdate.com/11/?skin=oucampus&amp;account=bc3&amp;site=bc3cms&amp;action=de&amp;path=/_showcase/index.pcf">©</a></div><script> if(document.getElementById("de") != null && document.getElementById("directedit")) { var link = document.getElementById("de").parentNode.innerHTML; document.getElementById("de").parentNode.innerHTML = ""; document.getElementById("directedit").innerHTML = link.replace(/^\s+|\s+$/gm,''); } </script></body> </html>
            Evidence	<form action="/search" method="get">
            Solution	Phase: Architecture and Design Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, use anti-CSRF packages such as the OWASP CSRFGuard. Phase: Implementation Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script. Phase: Architecture and Design Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330). Note that this can be bypassed using XSS. Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation. Note that this can be bypassed using XSS. Use the ESAPI Session Management control. This control includes a component for CSRF. Do not use the GET method for any request that triggers a state change. Phase: Implementation Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

4. Risk=Low, Confidence=Medium (1)

   1. https://bc3.edu (1)

      1. Cross-Domain JavaScript Source File Inclusion (1)

         1. GET https://bc3.edu/index.html

            Alert tags	OWASP_2021_A08
            Alert description	The page includes one or more script files from a third-party domain.
            Request	Request line and header section (317 bytes) GET https://bc3.edu/index.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (545 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2997 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (2997 bytes) <!DOCTYPE HTML><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Interior Full-Width</title> <link rel="canonical" href="https://bc3.edu/index.html"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- this is the headcode include --> <!-- Google Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap" rel="stylesheet"> <!-- Bootstrap 5.3.3 CSS --> <link rel="stylesheet" href="/_resources/css/bootstrap.min.css"> <!-- Font Awescome CDN --> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.5.1/css/all.css"> <link rel="stylesheet" href="/_resources/css/totopstyle.css"> <link rel="stylesheet" href="/_resources/css/lightbox.css"> <link rel="stylesheet" href="/_resources/css/dataTables.bootstrap5.css"> <!-- Always load custom styles last --> <link rel="stylesheet" href="/_resources/css/styles.css"> <link rel="stylesheet" href="/_resources/css/main-header.css"> <link rel="stylesheet" href="/_resources/css/footer.css"> <link rel="stylesheet" href="/_resources/css/styles-responsive.css"> <link rel="stylesheet" href="/_resources/css/print.css" media="print"> <link rel="stylesheet" href="/_resources/css/oustyles.css" /> <ouc:editor wysiwyg="no"/> <!-- Insert google analytics here --> <meta name="dynamicContentTracking" data-modern-campus-p13n-account="8b3e8f08-c6f0-46ce-9c68-027c7341224b" data-dynamic-content='{"dynamicContent":[]}'> <script type="text/javascript" src="https://bc3.edu/cms-p13n.js"></script> <script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script> </head> <body><ouc:editor wysiwyg="no"/> <script src="/_resources/js/jquery-3.7.1.min.js"></script> <script src="/_resources/js/bootstrap.bundle.min.js"></script> <script src="/_resources/js/lightbox.js"></script> <script src="/_resources/js/scripts.js"></script> <script src="/_resources/js/full-header.js"></script> <script src="/_resources/js/ou.js"></script> <script async src="https://cse.google.com/cse.js?cx=033f9f27f8d054a1d"> </script> <div id="ou-hidden" style="display:none;"><!-- com.omniupdate.ob --><a id="de" rel="nofollow" href="https://a.cms.omniupdate.com/11/?skin=oucampus&amp;account=bc3&amp;site=bc3cms&amp;action=de&amp;path=/index.pcf">©</a><!-- /com.omniupdate.ob --></div><script> if(document.getElementById("de") != null && document.getElementById("directedit")) { var link = document.getElementById("de").parentNode.innerHTML; document.getElementById("de").parentNode.innerHTML = ""; document.getElementById("directedit").innerHTML = link.replace(/^\s+|\s+$/gm,''); } </script></body> </html>
            Parameter	https://matomo.personalization.moderncampus.net/matomo.js
            Evidence	<script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script>
            Solution	Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

5. Risk=Informational, Confidence=Medium (3)

   1. https://bc3.edu (3)

      1. Content-Type Header Missing (1)

         1. GET https://bc3.edu/_showcase/_nav.ounav

            Alert tags	OWASP_2021_A05 OWASP_2017_A06
            Alert description	The Content-Type header was either missing or empty.
            Request	Request line and header section (327 bytes) GET https://bc3.edu/_showcase/_nav.ounav HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (575 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Length: 222 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Last-Modified: Tue, 17 Dec 2024 14:43:21 GMT ETag: "de-62978518aace8" Accept-Ranges: bytes X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (222 bytes) <li><a href="/">Home</a></li> <li><a href="/_showcase/interior-full-width.html">Interior</a></li> <li><a href="/_showcase/blogs/news-home.php">News</a></li> <li><a href="/_showcase/faculty/index.html">Faculty</a></li>
            Parameter	content-type
            Solution	Ensure each page is setting the specific and appropriate content-type value for the content being delivered.

      2. Modern Web Application (1)

         1. GET https://bc3.edu/_showcase/programs/index.html

            Alert tags
            Alert description	The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
            Other info	Links have been found that do not have traditional href attributes, which is an indication that this is a modern web application.
            Request	Request line and header section (336 bytes) GET https://bc3.edu/_showcase/programs/index.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (546 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains content-length: 18663 Response body (18663 bytes) <!DOCTYPE HTML><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Program Finder</title> <link rel="canonical" href="https://bc3.edu/_showcase/programs/index.html"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- this is the headcode include --> <!-- Google Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap" rel="stylesheet"> <!-- Bootstrap 5.3.3 CSS --> <link rel="stylesheet" href="/_resources/css/bootstrap.min.css"> <!-- Font Awescome CDN --> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.5.1/css/all.css"> <link rel="stylesheet" href="/_resources/css/totopstyle.css"> <link rel="stylesheet" href="/_resources/css/lightbox.css"> <link rel="stylesheet" href="/_resources/css/dataTables.bootstrap5.css"> <!-- Always load custom styles last --> <link rel="stylesheet" href="/_resources/css/styles.css"> <link rel="stylesheet" href="/_resources/css/main-header.css"> <link rel="stylesheet" href="/_resources/css/footer.css"> <link rel="stylesheet" href="/_resources/css/styles-responsive.css"> <link rel="stylesheet" href="/_resources/css/print.css" media="print"> <link rel="stylesheet" href="/_resources/css/oustyles.css" /> <ouc:editor wysiwyg="no"/> <!-- Insert google analytics here --> <meta name="dynamicContentTracking" data-modern-campus-p13n-account="8b3e8f08-c6f0-46ce-9c68-027c7341224b" data-dynamic-content='{"dynamicContent":[]}'> <script type="text/javascript" src="https://bc3.edu/cms-p13n.js"></script> <script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script> </head> <body><ouc:editor wysiwyg="no"/><header class="main-header L5-header" id="site-navigation"> <div class="top-nav d-none d-lg-block"> <div class="row"> <div class="col-4"> <div><a href="#mybc3" title="myBC3"><img src="/_resources/images/myBC3.png" alt="myAdmissions Icon"></a><a href="#myadmissions" title="myBC3"><img src="/_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a></div> </div> <div class="col-8 d-flex justify-content-end"> <div><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle top-nav-dropdown" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> <div class="search-container"> <div class="gcse-search"></div> </div> </div> </div> </div> </div> <nav class="navbar navbar-expand-lg" title="Main Navigation"> <div class="row"> <div class="col-8 col-lg-3"><a class="navbar-brand" href="/"><img src="/_resources/images/logo.png" alt="logo"></a></div> <div class="col-4 d-lg-none d-flex justify-content-end"><button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation"><span class="fa fa-bars"></span></button></div> <div class="col-12 mx-0 px-0 col-lg-9"> <div class="collapse navbar-collapse" id="navbarNavDropdown"> <div class="top-nav-mobile d-block d-lg-none"> <div class="search-container"> <div class="gcse-search"></div> </div><a href="#" title="myBC3"><img src="_resources/images/myBC3.png" alt="myBC3 Icon"></a><a href="#" title="myBC3"><img src="_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> </div> <div class="navbar-nav"> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Programs </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#program-finder" target="">Program Finder</a></li> <li><a class="dropdown-item" href="#academic-divisions" target="">Academic Divisions</a></li> <li><a class="dropdown-item" href="#accreditations" target="">Accreditations</a></li> <li><a class="dropdown-item" href="#high-school-programs" target="">High School Programs</a></li> <li><a class="dropdown-item" href="#virtual-programs" target="">Virtual Programs</a></li> <li><a class="dropdown-item" href="#ged-esl" target="">GED &amp; ESL</a></li> <li><a class="dropdown-item" href="#workforce-public-safety" target="">Workforce &amp; Public Safety</a></li> <li><a class="dropdown-item" href="#ged-esl-again" target="">GED &amp; ESL</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Admissions &amp; Aid </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog-again" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Pioneer Life </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Community </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Who We Are </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </nav> </header> <main class="content" id="main-content"> <div class="page-header image-header" style="background: linear-gradient(0deg, rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0.5)), no-repeat center center/cover url(/_resources/images/placeholders/banner.jpg);"> <div class="container"> <div class="row"> <div class="col-12"> <h1>Program Finder</h1> </div> </div> </div> </div> <div class="container mt-5"> <div class="row"> <div class="col-12 col-lg-3"> <div class="sidenav-checkbox" id="programsFinderFilters"> <div class="sidenav-collapse"> <p class="side-nav-heading">Filters</p> <nav class="navbar navbar-expand-lg navbar-light" title="Program Listing Filters"><button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarMenu" aria-controls="navbarMenu" aria-expanded="false" aria-label="Toggle navigation"><span class="fas fa-chevron-down"></span><span class="fas fa-chevron-up"></span></button><div class="navbar-collapse collapse" id="navbarMenu"> <nav class="navbar navbar-expand-lg navbar-light"> <div class="sidenav-checkbox-categories"> <div class="checkbox-category"> <p class="checkbox-category-title pb-2">Area of Interest</p> <div id="area_filters"></div> </div> <div class="checkbox-category"> <p class="checkbox-category-title pb-2">Classification</p> <div id="classification_filters"></div> </div> <div class="checkbox-category"> <p class="checkbox-category-title pb-2">Location</p> <div id="location_filters"></div> </div> <div class="checkbox-category d-flex flex-column" id="copyFilteredLink"> <label for="copyFilteredLinkButton" class="checkbox-category-title pb-2">Share this list</label> <button class="btn btn-default" id="copyFilteredLinkButton" onClick="copyFilteredLink();"><span class="fa fa-clipboard"></span>&nbsp;Copy Link</button> </div> </div> </nav> </div> </nav> </div> </div> </div> <div class="col-12 col-lg-9 ps-lg-5"> <div class="row" id="programsOfStudy" aria-live="polite"></div> </div> </div> </div> </main> <footer id="footer"><img src="/_resources/images/seal-white.png" alt="" class="footer-seal "><div class="container"> <div class="row"> <div class="col-lg-4"><a href="/"><img class="footer-logo" src="/_resources/images/logo-white.png" alt="logo"></a><div class="copyright"><span id="directedit">©</span> Butler County Community College is accredited by the Middle States Commission on Higher Education.</div> <ul class="footer-address"> <li class="location"><a href="https://www.google.com/"> 107 College Drive <br> Butler, PA 16002 </a></li> <li><a href="tel:7242878711">724-287-8711</a></li> </ul> <ul class="footer-social nav "> <li class="nav-item"><a href="#fb" class="social-icon"><span class="fa-brands fa-facebook"></span><span class="sr-only">Facebook</span></a></li> <li class="nav-item"><a href="#tw" class="social-icon"><span class="fa-brands fa-x-twitter"></span><span class="sr-only">Twitter</span></a></li> <li class="nav-item"><a href="#ig" class="social-icon"><span class="fa-brands fa-instagram"></span><span class="sr-only">Instagram</span></a></li> <li class="nav-item"><a href="#yt" class="social-icon"><span class="fa-brands fa-youtube"></span><span class="sr-only">YouTube</span></a></li> <li class="nav-item"><a href="#li" class="social-icon"><span class="fa-brands fa-linkedin"></span><span class="sr-only">LinkedIn</span></a></li> </ul> </div> <div class="col-lg-6 offset-lg-1"> <div class="row footer-nav justify-content-center"> <p class="h3 mb-4">Resources</p> <ul class="list-unstyled"> <li><a href="#directory" target="">Directory</a></li> <li><a href="#main-campus-map" target="">Main Campus Map</a></li> <li><a href="#job-openings" target="">Job Openings</a></li> <li><a href="#bc3-alerts" target="">BC3 Alerts</a></li> </ul> </div> </div> </div> </div> <div class="copyright text-center"> <div class="container"> <hr> <div class="row"> <div class="col-12"> <ul class="list-inline"> <li class="list-inline-item"><a href="#privacy-statement" target="">Privacy Statement</a></li> <li class="list-inline-item"><a href="#non-discrimination" target="">Non-Discrimination</a></li> <li class="list-inline-item"><a href="#accessibility" target="">Accessibility</a></li> <li class="list-inline-item"><a href="#equal-opportunity" target="">Equal Opportunity</a></li> <li class="list-inline-item"><a href="#legal-statements" target="">Legal Statements</a></li> </ul> </div> </div> </div> </div> </footer><button data-bs-target="#0" class="cd-top"><span class="sr-only">Back to Top</span></button> <script src="/_resources/js/jquery-3.7.1.min.js"></script> <script src="/_resources/js/bootstrap.bundle.min.js"></script> <script src="/_resources/js/lightbox.js"></script> <script src="/_resources/js/scripts.js"></script> <script src="/_resources/js/full-header.js"></script> <script src="/_resources/js/ou.js"></script> <script async src="https://cse.google.com/cse.js?cx=033f9f27f8d054a1d"> </script> <div id="ou-hidden" style="display:none;"><a id="de" rel="nofollow" href="https://a.cms.omniupdate.com/11/?skin=oucampus&amp;account=bc3&amp;site=bc3cms&amp;action=de&amp;path=/_showcase/programs/index.pcf">©</a></div><script> if(document.getElementById("de") != null && document.getElementById("directedit")) { var link = document.getElementById("de").parentNode.innerHTML; document.getElementById("de").parentNode.innerHTML = ""; document.getElementById("directedit").innerHTML = link.replace(/^\s+|\s+$/gm,''); } </script><script src="/_resources/js/programs-finder.js"></script></body> </html>
            Evidence	<a href="#" title="myBC3"><img src="_resources/images/myBC3.png" alt="myBC3 Icon"></a>
            Solution	This is an informational alert and so no changes are required.

      3. User Agent Fuzzer (1)

         1. GET https://bc3.edu/_showcase

            Alert tags
            Alert description	Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.
            Request	Request line and header section (190 bytes) GET https://bc3.edu/_showcase HTTP/1.1 host: bc3.edu user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) pragma: no-cache cache-control: no-cache Request body (0 bytes)
            Response	Status line and header section (546 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:41:02 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains content-length: 36101 Response body (36101 bytes) <!DOCTYPE HTML><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Homepage</title> <link rel="canonical" href="https://bc3.edu/_showcase/index.html"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- this is the headcode include --> <!-- Google Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap" rel="stylesheet"> <!-- Bootstrap 5.3.3 CSS --> <link rel="stylesheet" href="/_resources/css/bootstrap.min.css"> <!-- Font Awescome CDN --> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.5.1/css/all.css"> <link rel="stylesheet" href="/_resources/css/totopstyle.css"> <link rel="stylesheet" href="/_resources/css/lightbox.css"> <link rel="stylesheet" href="/_resources/css/dataTables.bootstrap5.css"> <!-- Always load custom styles last --> <link rel="stylesheet" href="/_resources/css/styles.css"> <link rel="stylesheet" href="/_resources/css/main-header.css"> <link rel="stylesheet" href="/_resources/css/footer.css"> <link rel="stylesheet" href="/_resources/css/styles-responsive.css"> <link rel="stylesheet" href="/_resources/css/print.css" media="print"> <link rel="stylesheet" href="/_resources/css/oustyles.css" /> <ouc:editor wysiwyg="no"/> <!-- Insert google analytics here --> <meta name="dynamicContentTracking" data-modern-campus-p13n-account="8b3e8f08-c6f0-46ce-9c68-027c7341224b" data-dynamic-content='{"dynamicContent":[]}'> <script type="text/javascript" src="https://bc3.edu/cms-p13n.js"></script> <script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script> </head> <body><ouc:editor wysiwyg="no"/><header class="main-header L5-header" id="site-navigation"> <div class="top-nav d-none d-lg-block"> <div class="row"> <div class="col-4"> <div><a href="#mybc3" title="myBC3"><img src="/_resources/images/myBC3.png" alt="myAdmissions Icon"></a><a href="#myadmissions" title="myBC3"><img src="/_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a></div> </div> <div class="col-8 d-flex justify-content-end"> <div><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle top-nav-dropdown" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> <div class="search-container"> <div class="gcse-search"></div> </div> </div> </div> </div> </div> <nav class="navbar navbar-expand-lg" title="Main Navigation"> <div class="row"> <div class="col-8 col-lg-3"><a class="navbar-brand" href="/"><img src="/_resources/images/logo.png" alt="logo"></a></div> <div class="col-4 d-lg-none d-flex justify-content-end"><button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation"><span class="fa fa-bars"></span></button></div> <div class="col-12 mx-0 px-0 col-lg-9"> <div class="collapse navbar-collapse" id="navbarNavDropdown"> <div class="top-nav-mobile d-block d-lg-none"> <div class="search-container"> <div class="gcse-search"></div> </div><a href="#" title="myBC3"><img src="_resources/images/myBC3.png" alt="myBC3 Icon"></a><a href="#" title="myBC3"><img src="_resources/images/myAdmissions.png" alt="myAdmissions Icon"></a><a href="#apply" target="">Apply</a><a href="#visit" target="">Visit</a><a href="#inquire" target="">Inquire</a><button class="dropdown-toggle" data-bs-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Info For </button><div class="dropdown-menu"><a class="dropdown-item" href="#current-students" target="">Current Students</a><a class="dropdown-item" href="#community" target="">Community</a><a class="dropdown-item" href="#faculty" target="">Faculty</a></div> </div> <div class="navbar-nav"> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Programs </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#program-finder" target="">Program Finder</a></li> <li><a class="dropdown-item" href="#academic-divisions" target="">Academic Divisions</a></li> <li><a class="dropdown-item" href="#accreditations" target="">Accreditations</a></li> <li><a class="dropdown-item" href="#high-school-programs" target="">High School Programs</a></li> <li><a class="dropdown-item" href="#virtual-programs" target="">Virtual Programs</a></li> <li><a class="dropdown-item" href="#ged-esl" target="">GED &amp; ESL</a></li> <li><a class="dropdown-item" href="#workforce-public-safety" target="">Workforce &amp; Public Safety</a></li> <li><a class="dropdown-item" href="#ged-esl-again" target="">GED &amp; ESL</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Admissions &amp; Aid </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog-again" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Pioneer Life </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Community </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> <div class="nav-dropdown-div"><a role="button" href="#" class="dropdown-toggle" data-bs-toggle="dropdown" aria-expanded="false"> Who We Are </a><div class="xl-menu"> <div class="dropdown-menu"> <ul> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> <li><a class="dropdown-item" href="#academic-calendar" target="">Academic Calendar</a></li> <li><a class="dropdown-item" href="#research-opportunities" target="">Research Opportunities</a></li> <li><a class="dropdown-item" href="#colleges-schools" target="">Colleges &amp; Schools</a></li> <li><a class="dropdown-item" href="#academic-programs" target="">Academic Programs</a></li> <li><a class="dropdown-item" href="#course-catalog" target="">Course Catalog</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </nav> </header> <main class="content" id="main-content"> <div class="index-video"> <div class="index-video-bg" style="background-image: url('/_resources/images/placeholders/nav-3.jpg');"> <div class="video-caption"> <h1>Take the Next Step</h1> <p>Lorem ipsum dolor sit amet consectetur adipisicing elit. Quaerat, iure fugiat saepe labore et itaque id recusandae molestias quas nihil delectus est, nobis dolorum adipisci ea qui quisquam voluptate voluptatum.</p><a href="#1" class="btn btn-default">Start Application</a><a href="#2" class="btn btn-default">Schedule Visit</a></div><button type="button" class="play-pause" title="play/pause"><span class="fa fa-pause"></span><span class="sr-only">Pause Video</span></button><div data-bs-video="/_resources/images/placeholders/main-video.mp4" data-bs-type="video/mp4" data-bs-image="/_resources/images/placeholders/nav-3.jpg"><video id="myVideo" autoplay="" muted="" loop="" playsinline=""> <source src="/_resources/images/placeholders/main-video.mp4" type="video/mp4"></video></div> </div> </div> <div class="section bg-gray"> <div class="container"> <div class="row"> <div class="col-12 col-lg-10 offset-lg-1"> <div class="introductory-box text-center"> <h2>Find Your Program</h2> <div class="buttons-wrap"> <a href="/_showcase/programs/index.html?&amp;location=locationFilter_6" class="btn btn-default btn-highlight">Virtual Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_2" class="btn btn-default btn-highlight">Certificate Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_0,classificationFilter_1" class="btn btn-default btn-highlight">Degree Programs</a> <a href="/_showcase/programs/index.html?&amp;classification=classificationFilter_3" class="btn btn-default btn-highlight">Non-Credit Certificates</a> </div> <div class="program-search"> <form action="/search" method="get"> <label for="program-search" class="sr-only">Search Programs</label> <input id="program-search" type="text" name="search" placeholder="Search By Interest..."> <button type="submit" class="program-search-btn"> <span class="sr-only">Search</span> <span class="fa fa-search"></span> </button> </form> </div> </div> </div> </div> </div> </div> <div class="section section-with-background dark" style="background:linear-gradient(0deg, rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0.5)),no-repeat center center/cover url('/_resources/images/placeholders/bg.jpg');"> <div class="container"> <div class="row"> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-thumbs-up"></span> </div> <h2>150 Years</h2> <p>of Academic Excellence</p> </div> </a> </div> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-users"></span> </div> <h2>18.8</h2> <p>Average On-Campus Class Size</p> </div> </a> </div> <div class="col-12 col-lg-4"> <a href="#" class="card card-borderless text-center mt-5"> <div class="card-body pb-5"> <div class="icon"> <span class="fa fa-home"></span> </div> <h2>200+</h2> <p>Scholarship Offerings</p> </div> </a> </div> </div> </div> </div> <div class="section campus-list"> <div class="container"> <div class="row"> <div class="col-12 text-center mb-4"> <h2>Explore our Campuses</h2> <p class="lead">Lorem ipsum dolor sit amet consectetur. Aliquet pretium amet lectus eget vitae neque duis vulputate tincidunt. Sit ut sed vel amet risus. Sit ut sed vel amet risus.</p> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Main Campus</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Armstrong</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-7.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Brockway</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Cranberry</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>Lawrence Crossing</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> <div class="col-6 col-lg-4"> <div class="card card-tall"> <div style=" background-image: url('/_resources/images/placeholders/news-4.jpg');" role="img" aria-label="Card Image Description" class="card-img-top"></div> <div class="card-body"> <h3>LindenPointe</h3> <a title="Main Campus" href="#" target="_self">Learn More <span class="fa fa-chevron-right"></span></a> </div> </div> </div> </div> </div> </div> <div class="section bg-primary cta-box"> <div class="container"> <div class="row"> <div class="col-12 col-md-8 col-xl-10 mb-3 mb-lg-0"> <p class="fw-bold"> Apply to BC3 Today </p> <p class="h2"> Start your journey as a Pioneer! </p> </div> <div class="col-12 col-md-4 col-xl-2 d-flex align-items-center"> <a href="#" target="_self" class="btn btn-default btn-highlight"> <span class="font-size-sm">Visitors Guide</span> </a> </div> </div> </div> </div> <p> <div class="section"> <div class="container"> <div class="row"> <div class="col-12"> <div class="row"><div class="col-lg-6"> <div class="card"> <a href="/_showcase/blogs/article-2.html"> <div> <div class="card-img-top-small" style="background-image: url(/_resources/images/placeholders/slide-2.jpg);"> </div> </div> <div class="card-body"> <h3 class="news-card-title">Article 2</h3> <p class="news-card-date">January 29, 2024</p> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec in lobortis ante, sit amet vehicula neque. Nulla gravida lorem at urna iaculis semper. Nullam sit amet convallis lacus. Duis eu mauris ut libero ultricies fringilla ut id mauris. Phasellus...</p> </div> </a> </div></div><div class="col-lg-6"> <div class="card"> <a href="/_showcase/blogs/article-1.html"> <div> <div class="card-img-top-small" style="background-image: url(/_resources/images/placeholders/slide-2.jpg);"> </div> </div> <div class="card-body"> <h3 class="news-card-title">Article 1</h3> <p class="news-card-date">May 24, 2023</p> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec in lobortis ante, sit amet vehicula neque. Nulla gravida lorem at urna iaculis semper. Nullam sit amet convallis lacus. Duis eu mauris ut libero ultricies fringilla ut id mauris. Phasellus...</p> </div> </a> </div></div></div> <div class="news-events-footer"><a href="#news" target="_blank" class="news"> View All News <span class="fa fa-chevron-right"></span></a></div> </div> </div> </div> </div> <div class="section events-box"> <div class="container"> <div class="row"> <div class="col-12 col-lg-3 events-title-col d-flex align-items-center"> <div> <h2 class="text-black">Events</h2><a href="/_showcase/calendar.html" target="_blank"> View All <strong class="fa fa-chevron-right px-2"></strong></a></div> </div> <div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/10598a4f-3bc1-4317-9234-a7b7a9bb1309"> <span>Dec 31</span> <span>Test Event</span> <span>All Day</span> </a> </div> </div><div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/2f695886-9656-4ef3-9376-921f5f873781"> <span>Jan 9</span> <span>Test Event 2</span> <span>11:00 AM</span> </a> </div> </div><div class="col-12 col-lg-3 events-col"> <div> <a href="https://bc3.edu/_showcase/calendar.html#event-details/523c76bf-d398-48ec-b7ab-68d7c5dd9671"> <span>Jan 22</span> <span>Test Event 3</span> <span>All Day</span> </a> </div> </div></div> </div> </div> </p> <div class="section"> <div class="container"> <div class="row"> <div class="col-12 text-center"> <p class="h2">Hear From Our Pioneers</p> </div> </div> </div> <div id="d21e437" class="carousel carousel-dark slide" data-bs-ride="carousel"> <div class="carousel-indicators"><button type="button" data-bs-target="#d21e437" data-bs-slide-to="0" class="active" aria-current="true" aria-label="Slide 1"></button><button type="button" data-bs-target="#d21e437" data-bs-slide-to="1" class="" aria-current="true" aria-label="Slide 2"></button><button type="button" data-bs-target="#d21e437" data-bs-slide-to="2" class="" aria-current="true" aria-label="Slide 3"></button></div> <div class="carousel-inner"> <div class="carousel-item testimonial-slide active"> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-3 col-lg-2"><img src="/_resources/images/placeholders/testimonial.jpg" alt=".//img/@alt" class="testimonial-img"></div> <div class="col-12 col-md-9 col-lg-10"> <div class="testimonial-info"> <div> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> <div class="carousel-item testimonial-slide "> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-10 offset-md-1"> <div class="testimonial-info"> <div> <p>Testimonial no image... consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> <div class="carousel-item testimonial-slide "> <div> <div class="container"> <div class="row"> <div class="col-12 col-md-3 col-lg-2"><img src="/_resources/images/placeholders/testimonial.jpg" alt=".//img/@alt" class="testimonial-img"></div> <div class="col-12 col-md-9 col-lg-10"> <div class="testimonial-info"> <div> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. In ac auctor eros, id gravida libero. Proin elit tellus, sollicitudin et ultrices a, hendrerit efficitur enim. Etiam pulvinar et risus nec pulvinar. Morbi eget enim scelerisque, imperdiet ligula sit amet, porta enim. Ut eros quam, venenatis at placerat.</p> <p><strong>Jane Doe</strong> - Title</p> </div> </div> </div> </div> </div> </div> </div> </div><button class="carousel-control-prev" type="button" data-bs-target="#d21e437" data-bs-slide="prev"><span class="carousel-control-prev-icon" aria-hidden="true"></span><span class="visually-hidden">Previous</span></button><button class="carousel-control-next" type="button" data-bs-target="#d21e437" data-bs-slide="next"><span class="carousel-control-next-icon" aria-hidden="true"></span><span class="visually-hidden">Next</span></button></div> </div> </main> <footer id="footer"><img src="/_resources/images/seal-white.png" alt="" class="footer-seal "><div class="container"> <div class="row"> <div class="col-lg-4"><a href="/"><img class="footer-logo" src="/_resources/images/logo-white.png" alt="logo"></a><div class="copyright"><span id="directedit">©</span> Butler County Community College is accredited by the Middle States Commission on Higher Education.</div> <ul class="footer-address"> <li class="location"><a href="https://www.google.com/"> 107 College Drive <br> Butler, PA 16002 </a></li> <li><a href="tel:7242878711">724-287-8711</a></li> </ul> <ul class="footer-social nav "> <li class="nav-item"><a href="#fb" class="social-icon"><span class="fa-brands fa-facebook"></span><span class="sr-only">Facebook</span></a></li> <li class="nav-item"><a href="#tw" class="social-icon"><span class="fa-brands fa-x-twitter"></span><span class="sr-only">Twitter</span></a></li> <li class="nav-item"><a href="#ig" class="social-icon"><span class="fa-brands fa-instagram"></span><span class="sr-only">Instagram</span></a></li> <li class="nav-item"><a href="#yt" class="social-icon"><span class="fa-brands fa-youtube"></span><span class="sr-only">YouTube</span></a></li> <li class="nav-item"><a href="#li" class="social-icon"><span class="fa-brands fa-linkedin"></span><span class="sr-only">LinkedIn</span></a></li> </ul> </div> <div class="col-lg-6 offset-lg-1"> <div class="row footer-nav justify-content-center"> <p class="h3 mb-4">Resources</p> <ul class="list-unstyled"> <li><a href="#directory" target="">Directory</a></li> <li><a href="#main-campus-map" target="">Main Campus Map</a></li> <li><a href="#job-openings" target="">Job Openings</a></li> <li><a href="#bc3-alerts" target="">BC3 Alerts</a></li> </ul> </div> </div> </div> </div> <div class="copyright text-center"> <div class="container"> <hr> <div class="row"> <div class="col-12"> <ul class="list-inline"> <li class="list-inline-item"><a href="#privacy-statement" target="">Privacy Statement</a></li> <li class="list-inline-item"><a href="#non-discrimination" target="">Non-Discrimination</a></li> <li class="list-inline-item"><a href="#accessibility" target="">Accessibility</a></li> <li class="list-inline-item"><a href="#equal-opportunity" target="">Equal Opportunity</a></li> <li class="list-inline-item"><a href="#legal-statements" target="">Legal Statements</a></li> </ul> </div> </div> </div> </div> </footer><button data-bs-target="#0" class="cd-top"><span class="sr-only">Back to Top</span></button> <script src="/_resources/js/jquery-3.7.1.min.js"></script> <script src="/_resources/js/bootstrap.bundle.min.js"></script> <script src="/_resources/js/lightbox.js"></script> <script src="/_resources/js/scripts.js"></script> <script src="/_resources/js/full-header.js"></script> <script src="/_resources/js/ou.js"></script> <script async src="https://cse.google.com/cse.js?cx=033f9f27f8d054a1d"> </script> <div id="ou-hidden" style="display:none;"><a id="de" rel="nofollow" href="https://a.cms.omniupdate.com/11/?skin=oucampus&amp;account=bc3&amp;site=bc3cms&amp;action=de&amp;path=/_showcase/index.pcf">©</a></div><script> if(document.getElementById("de") != null && document.getElementById("directedit")) { var link = document.getElementById("de").parentNode.innerHTML; document.getElementById("de").parentNode.innerHTML = ""; document.getElementById("directedit").innerHTML = link.replace(/^\s+|\s+$/gm,''); } </script></body> </html>
            Parameter	Header User-Agent
            Attack	Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)

6. Risk=Informational, Confidence=Low (2)

   1. https://bc3.edu (2)

      1. Information Disclosure - Suspicious Comments (1)

         1. GET https://bc3.edu/_resources/js/scripts.js

            Alert tags	OWASP_2021_A01 WSTG-v42-INFO-05 OWASP_2017_A03
            Alert description	The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
            Other info	The following pattern was used: \bUSER\b and was detected in the element starting with: " // cookie to remember the user's choice and close the banner", see evidence field for the suspicious comment/snippet.
            Request	Request line and header section (330 bytes) GET https://bc3.edu/_resources/js/scripts.js HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/index.html Request body (0 bytes)
            Response	Status line and header section (632 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/javascript Content-Length: 6916 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Last-Modified: Mon, 18 Nov 2024 19:53:51 GMT ETag: "1b04-62735469b51b0" Accept-Ranges: bytes Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (6916 bytes) //Adds auto focus to search when opened $("#siteSearch").on("shown.bs.modal", function () { $("body").addClass("modal-open-search"); $("#siteSearch .form-text").focus(); }); $("#siteSearch").on("hide.bs.modal", function () { $("body").removeClass("modal-open-search"); }); $("#site-navigation").on("shown.bs.modal", function () { $("body").addClass("modal-open-menu-mobile"); }); $("#site-navigation").on("hide.bs.modal", function () { $("body").removeClass("modal-open-menu-mobile"); }); jQuery(document).ready(function ($) { var alterClass = function () { var ww = document.body.clientWidth; if (ww >= 1200) { $(".modal").modal("hide"); } }; $(window).resize(function () { alterClass(); }); //Fire it when the page first loads: alterClass(); }); //Scroll to top button jQuery(document).ready(function ($) { // browser window scroll (in pixels) after which the "back to top" link is shown var offset = 300, //browser window scroll (in pixels) after which the "back to top" link opacity is reduced offset_opacity = 1200, //duration of the top scrolling animation (in ms) scroll_top_duration = 700, //grab the "back to top" link $back_to_top = $(".cd-top"); //hide or show the "back to top" link $(window).scroll(function () { $(this).scrollTop() > offset ? $back_to_top.addClass("cd-is-visible") : $back_to_top.removeClass("cd-is-visible cd-fade-out"); if ($(this).scrollTop() > offset_opacity) { $back_to_top.addClass("cd-fade-out"); } }); //smooth scroll to top $back_to_top.on("click", function (event) { event.preventDefault(); $("body,html").animate( { scrollTop: 0, }, scroll_top_duration ); }); }); $(document).ready(function () { const year = document.getElementById("year"); if (year) { year.innerHTML = new Date().getFullYear(); } }); $(document).ready(function () { // Select all links with hashes $('a[href*="#"]') // Remove links that don't actually link to anything .not('[href="#"]') .not('[href="#0"]') .not("[data-bs-toggle]") .click(function (event) { // On-page links if ( location.pathname.replace(/^\//, "") === this.pathname.replace(/^\//, "") && location.hostname === this.hostname ) { // Figure out element to scroll to var target = $(this.hash); target = target.length ? target : $("[name=" + this.hash.slice(1) + "]"); // Does a scroll target exist? if (target.length) { // Only prevent default if animation is actually gonna happen event.preventDefault(); $("html, body").animate( { scrollTop: target.offset().top, }, 1000, function () { // Callback after animation // Must change focus! var $target = $(target); $target.focus(); if ($target.is(":focus")) { // Checking if the target was focused return false; } else { $target.attr("tabindex", "-1"); // Adding tabindex for elements not focusable $target.focus(); // Set focus again } } ); } } }); }); document.addEventListener("DOMContentLoaded", function () { "use strict"; var cookieAlert = document.querySelector(".cookiealert"); var acceptCookies = document.querySelector(".acceptcookies"); if (!cookieAlert) { return; } cookieAlert.offsetHeight; // Force browser to trigger reflow (https://stackoverflow.com/a/39451131) // Show the alert if we can't find the "acceptCookies" cookie if (!getCookie("acceptCookies")) { cookieAlert.classList.add("show"); } // When clicking on the agree button, create a 1 year // cookie to remember the user's choice and close the banner acceptCookies.addEventListener("click", function () { setCookie("acceptCookies", true, 365); cookieAlert.classList.remove("show"); }); // Cookie functions from w3schools function setCookie(cname, cvalue, exdays) { var d = new Date(); d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000); var expires = "expires=" + d.toUTCString(); document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; } function getCookie(cname) { var name = cname + "="; var decodedCookie = decodeURIComponent(document.cookie); var ca = decodedCookie.split(";"); for (var i = 0; i < ca.length; i++) { var c = ca[i]; while (c.charAt(0) === " ") { c = c.substring(1); } if (c.indexOf(name) === 0) { return c.substring(name.length, c.length); } } return ""; } }); $(document).ready(function () { var playing = true; $(".play-pause").click(function () { if (playing == false) { document.getElementById("myVideo").play(); playing = true; $(this).html("<span class='fa fa-pause'></span>"); } else { document.getElementById("myVideo").pause(); playing = false; $(this).html("<span class='fa fa-play'></span>"); } }); }); function hasTouch() { return ( "ontouchstart" in document.documentElement || navigator.maxTouchPoints > 0 || navigator.msMaxTouchPoints > 0 ); } if (hasTouch()) { // remove all the :hover stylesheets try { // prevent exception on browsers not supporting DOM styleSheets properly for (var si in document.styleSheets) { var styleSheet = document.styleSheets[si]; if (!styleSheet.rules) continue; for (var ri = styleSheet.rules.length - 1; ri >= 0; ri--) { if (!styleSheet.rules[ri].selectorText) continue; if (styleSheet.rules[ri].selectorText.match(":hover")) { styleSheet.deleteRule(ri); } } } } catch (ex) {} } // keep side nav open on desktop view // Detect screen width and remove data-bs-toggle attribute on larger screens window.addEventListener("DOMContentLoaded", function () { const sidenavHeading = document.querySelector( ".sidenav-accordion .sidenav-heading" ); const accordionMainCollapse = document.querySelector( ".sidenav-accordion .accordion-main-collapse" ); function handleToggle() { const screenWidth = window.innerWidth; if (screenWidth >= 991) { // Adjust the breakpoint as needed accordionMainCollapse.classList.add("show"); sidenavHeading.removeAttribute("data-bs-toggle"); } else { accordionMainCollapse.classList.remove("show"); sidenavHeading.setAttribute("data-bs-toggle", "collapse"); } } if (sidenavHeading) { handleToggle(); // Call the function on page load // Call the function when the window is resized window.addEventListener("resize", handleToggle); } });
            Evidence	user
            Solution	Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.

      2. Re-examine Cache-control Directives (1)

         1. GET https://bc3.edu/index.html

            Alert tags	WSTG-v42-ATHN-06
            Alert description	The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like css, js, or image files this might be intended, however, the resources should be reviewed to ensure that no sensitive content will be cached.
            Request	Request line and header section (317 bytes) GET https://bc3.edu/index.html HTTP/1.1 host: bc3.edu user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 OPR/102.0.0.0 pragma: no-cache cache-control: no-cache referer: https://bc3.edu/sitemap.xml Request body (0 bytes)
            Response	Status line and header section (545 bytes) HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 18:35:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2997 Connection: keep-alive X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Content-Security-Policy: default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; Access-Control-Allow-Origin: * Vary: Accept-Encoding X-Robots-Tag: noindex, nofollow Server: director Strict-Transport-Security: max-age=31536000; includeSubDomains Response body (2997 bytes) <!DOCTYPE HTML><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>Interior Full-Width</title> <link rel="canonical" href="https://bc3.edu/index.html"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <!-- this is the headcode include --> <!-- Google Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&display=swap" rel="stylesheet"> <!-- Bootstrap 5.3.3 CSS --> <link rel="stylesheet" href="/_resources/css/bootstrap.min.css"> <!-- Font Awescome CDN --> <link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.5.1/css/all.css"> <link rel="stylesheet" href="/_resources/css/totopstyle.css"> <link rel="stylesheet" href="/_resources/css/lightbox.css"> <link rel="stylesheet" href="/_resources/css/dataTables.bootstrap5.css"> <!-- Always load custom styles last --> <link rel="stylesheet" href="/_resources/css/styles.css"> <link rel="stylesheet" href="/_resources/css/main-header.css"> <link rel="stylesheet" href="/_resources/css/footer.css"> <link rel="stylesheet" href="/_resources/css/styles-responsive.css"> <link rel="stylesheet" href="/_resources/css/print.css" media="print"> <link rel="stylesheet" href="/_resources/css/oustyles.css" /> <ouc:editor wysiwyg="no"/> <!-- Insert google analytics here --> <meta name="dynamicContentTracking" data-modern-campus-p13n-account="8b3e8f08-c6f0-46ce-9c68-027c7341224b" data-dynamic-content='{"dynamicContent":[]}'> <script type="text/javascript" src="https://bc3.edu/cms-p13n.js"></script> <script type="text/javascript" src="https://matomo.personalization.moderncampus.net/matomo.js"></script> </head> <body><ouc:editor wysiwyg="no"/> <script src="/_resources/js/jquery-3.7.1.min.js"></script> <script src="/_resources/js/bootstrap.bundle.min.js"></script> <script src="/_resources/js/lightbox.js"></script> <script src="/_resources/js/scripts.js"></script> <script src="/_resources/js/full-header.js"></script> <script src="/_resources/js/ou.js"></script> <script async src="https://cse.google.com/cse.js?cx=033f9f27f8d054a1d"> </script> <div id="ou-hidden" style="display:none;"><!-- com.omniupdate.ob --><a id="de" rel="nofollow" href="https://a.cms.omniupdate.com/11/?skin=oucampus&amp;account=bc3&amp;site=bc3cms&amp;action=de&amp;path=/index.pcf">©</a><!-- /com.omniupdate.ob --></div><script> if(document.getElementById("de") != null && document.getElementById("directedit")) { var link = document.getElementById("de").parentNode.innerHTML; document.getElementById("de").parentNode.innerHTML = ""; document.getElementById("directedit").innerHTML = link.replace(/^\s+|\s+$/gm,''); } </script></body> </html>
            Parameter	cache-control
            Solution	For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public, max-age, immutable".