A reader of iGuRu.gr contacted us via email to inform us of an XSS vulnerability he discovered on a websiteσελίδα of Whatsup.gr.
The message states:
"Good evening,
… ..The blank is of type XSS and is on its page http://m.whatsup.gr/
We have sent you similar ones in the past security gaps, where you have published them, and in some there was a response from the responsible administrators, that is why we are now also sending you the blank on the WhatsUp page, so that the responsible ones can deal with it.
I have attached the image that clearly shows the XSS, of course and for the sake of truth I can send you exactly the blank. "
Followed by another email with the address that has the problem. We won't publish the XSS of course, but it's here for anyone from the WhatsUp admin team to check.
Here is the screenshot sent to us by our reader who announced the security gap.