Yes XSS on the official page of the ruling party. Following our announcement of the new facility Secleaks offered by SecNews.gr, we received a notice that is worth publishing. The sender of the vulnerability (as you will see in the first picture) is Nyo from the Greek Hacking Scene (GHS) team.
We also have the vulnerability links available to any interested manager who wants to resolve the issue.
See the images that show the vulnerability:
For those who do not know:
Cross-site scripting or XSS refers to the exploitation of various vulnerabilities of computing systems by inserting HTML or Javascript into a site. A malicious user could enter code on a website through an entry text for example, which would not cause the site administrator or visitor to target the site because it would not be filtered by the site properly.
Example:
http://www.example.com/index.html?name=<script>alert("xss revealed")</script> |
The malicious user could succeed:
Theft of passwords / accounts etc of personal data
Change website settings
Theft of cookies
Fake advertising (via, for example, a link)
Vulnerability refers to the weakness of the system that the site supports to filter and reject any harmful inputs.
SecNews.gr remains at the disposal of any interested party to solve the problem.
Definition of XSS from Wikipedia.
Read them Technology News from all over the world, with the validity of iGuRu.gr
Follow us on Google News
Wallpaper contest of upcoming Ubuntu 17.04 (Zesty Zapus)
»
Comment Policy:
IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators