A reader of iGuRu.gr informed us by e-mail that he discovered an XSS vulnerability in the website of the Panteion University of Social and Political Sciences.
Together with the vulnerability report, we also provided an image that demonstrates the security gap.
By Cross-site scripting, or XSS (it is not called CSS because that name is already used for .css files), we refer to the exploitation of various vulnerabilities of computer systems by injecting HTML or JavaScript code into a website.
A malicious user could inject code into a website through a text input field, for example; if the site does not filter that input properly, it could cause problems for the site's administrator or its visitors. Example:
https://test-selida.gr?name=<script>alert("Τίτλος xss")</script>
The malicious user could achieve:
Theft of passwords, accounts and other personal data
Changes to website settings
Theft of cookies
Fake advertising (via, e.g., a link)
The vulnerability lies in the failure of the system behind the site to filter and reject harmful input.
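The filtering weakness described above, shown as an added example that is not code from the affected site: the same `name` parameter is reflected into a page once as-is and once with HTML output encoding. The function names and the "Hello" page fragment are assumptions made for illustration.

```javascript
// Added example (not the affected site's code): reflecting the `name`
// query parameter with and without output encoding.
// escapeHtml, getName, renderUnsafe and renderSafe are hypothetical names.

// Encode the five characters that let text break out of an HTML text or
// quoted-attribute context. A single pass avoids double-encoding '&'.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the (already URL-decoded) `name` parameter; empty string if absent.
function getName(requestUrl) {
  return new URL(requestUrl).searchParams.get('name') ?? '';
}

// Vulnerable pattern: the parameter is concatenated into the markup, so
// any tags it contains become part of the page the visitor's browser parses.
function renderUnsafe(requestUrl) {
  return `<p>Hello, ${getName(requestUrl)}</p>`;
}

// Hardened pattern: the parameter is encoded for the HTML body context,
// so the browser displays it as text instead of interpreting it.
// Other contexts (inline script, URLs, CSS) need their own encoders.
function renderSafe(requestUrl) {
  return `<p>Hello, ${escapeHtml(getName(requestUrl))}</p>`;
}

// Constructed sample request, built from the article's placeholder URL.
const sampleUrl = 'https://test-selida.gr/?name=' +
  encodeURIComponent('<script>alert("Τίτλος xss")</script>');

console.log('unsafe:', renderUnsafe(sampleUrl));
console.log('safe:  ', renderSafe(sampleUrl));
```

Encoding at output time is the baseline fix; input validation and a Content-Security-Policy header are additional layers, not substitutes.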
If the site administrators would like more information, they can contact us at info@iguru.gr so that the vulnerability details can be forwarded to them.
XSS description: Wikipedia