A reader of iGuRu.gr informed us by e-mail that he discovered an XSS vulnerability on the website of Pantheon University of Social and Political Sciences.
Along with the vulnerability report, he sent us an image that demonstrates the security gap.
The term cross-site scripting, or XSS (it is not abbreviated CSS because that name is already used for .css files), refers to the exploitation of various vulnerabilities of computer systems by injecting HTML or JavaScript code into a website.
A malicious user could inject code into a website through, for example, a text input that the site does not filter properly, affecting the site's administrator or visitors. Example:
https://test-selida.gr?name=<script>alert("Τίτλος xss")</script>
The malicious user could achieve:
Theft of passwords, accounts and other personal data
Changing website settings
Theft of cookies
Fake advertising (via a link, for example)
The vulnerability lies in the failure of the system behind the site to filter and reject harmful input.
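The filtering failure described above, shown as an added example that is not code from the reported site or from the original article: a page that reflects the name parameter unchanged, next to a version that HTML-escapes it first. The function names and the "Hello" page are hypothetical, and the sample URL is constructed from the article's test-selida.gr example.

```javascript
// Added example: reflecting the "name" query parameter into an HTML page.
// All function names are hypothetical; the URL below is a constructed sample.
const SAMPLE_URL =
  'https://test-selida.gr/?name=' +
  encodeURIComponent('<script>alert("Τίτλος xss")</script>');

// Characters with special meaning in HTML text and quoted attribute values.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Output encoding for the HTML body context only. Values placed in
// JavaScript, CSS or URL contexts need their own encoders.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Read the decoded "name" parameter; an absent parameter becomes ''.
function getName(url) {
  return new URL(url).searchParams.get('name') ?? '';
}

// Vulnerable: the input is concatenated into the markup unchanged, so any
// tags it contains become part of the page the visitor's browser parses.
function renderGreetingUnsafe(url) {
  return '<p>Hello, ' + getName(url) + '</p>';
}

// Hardened: the same input is encoded, so the browser shows it as text.
function renderGreetingSafe(url) {
  return '<p>Hello, ' + escapeHtml(getName(url)) + '</p>';
}

console.log('unsafe:', renderGreetingUnsafe(SAMPLE_URL));
console.log('safe:  ', renderGreetingSafe(SAMPLE_URL));
```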
If the site administrators would like more information, they can contact us at info@iguru.gr so that we can forward the vulnerability details to them.
Description XSS: Wikipedia