His reader iGuRu.gr, J0k3R-GR, notified us of an XSS vulnerability in the browser game ikariam.gr. Here is the notification e-mail that was also sent to the website managers.
"See her picture, I found a security hole in your website, it is XSS (proof in the image), it can be used for malicious purposes.”
And the proof of vulnerability
The image link to a higher resolution
http://postimg.org/image/
Continuing J0k3R-GR reports:
The vulnerabilities XSS we exploit them by inserting HTML code or javascript on one page. This code does not filter and thus may cause corruption in the website code.
So a malicious user can cause: