Yes XSS on the official page of the ruling party. Following our announcement of the new facility Secleaks offered by SecNews.gr, we received a notice that is worth publishing. The sender of the vulnerability (as you will see in the first picture) is Nyo from the Greek Hacking Scene (GHS) team.
The links of the vulnerability are also available to us, for any interested administrator who wishes to resolve it problem.
See the images that show the vulnerability:
For those who do not know:
By the term Cross-site scripting or XSS we refer to the exploitation of various vulnerabilities (vulnerabilities) computer systems by inserting HTML or Javascript code into a site. Someone malicious user, could inject code into a website, through an input text for example, which since it would not be filtered by the website properly, could cause problems to the administrator or visitor of the target website.
Example:
http://www.example.com/index.html?name=
The malicious user could succeed:
Theft of passwords / accounts etc of personal data
Change website settings
Theft of cookies
Fake advertising (via, for example, a link)
Vulnerability refers to the weakness of the system that supports the webspace to filter and reject any harmful inputs.
SecNews.gr remains at the disposal of any interested party to solve the problem.
Definition of XSS from Wikipedia.
