Yes XSS on the official page of the ruling party. Following our announcement of the new facility Secleaks offered by SecNews.gr, we received a notification that is worth publishing. Sender of vulnerabilitys (as you will see in the first picture) is Nyo from the Greek Hacking Scene (GHS) group.
We also have the vulnerability links available to any interested manager who wants to resolve the issue.
See the images that show the vulnerability:
For those who do not know:
Provided Cross-site scripting or CSS refers to the exploitation of various computer system vulnerabilities by inserting HTML or Javascript code into a site. A malicious user could inject code into a website, through an input text for example, which since it would not be filtered by the website properly, could cause problems for the administrator or visitor of the target website.
Example:
http://www.example.com/index.html?name=
The malicious user could succeed:
Theft of personal passwords/accounts etc data
Change website settings
Theft of cookies
Fake advertising (via, e.g., a link)
Vulnerability refers to the weakness of the system that the site supports to filter and reject any harmful inputs.
SecNews.gr remains at the disposal of any interested party to solve the problem.
XSS definition from Wikipedia.
