Peaches
Posted June 29, 2010

Several Symantec Websites Vulnerable to Cross-Site Scripting

Could be exploited in targeted attacks

Several websites belonging to security giant Symantec are vulnerable to cross-site scripting (XSS) attacks, according to a security enthusiast who discovered multiple flaws. The vulnerabilities could be leveraged to increase the credibility of email targeted attacks.

According to the XSSed project, who published mirrors of these proof-of-concept XSS attacks, the vulnerabilities were reported over the weekend by a researcher calling himself d3v1l. The bugs affect three distinct websites hosted under the symantec.com domain.

One of the flaws is located in a language selection field on symantec.com/connect/, a site dedicated to the company's community of business customers and partners. A second one is found in a feedback form loaded from seer.entsupport.symantec.com, a subdomain associated with the knowledge base for enterprise products. The third one is in the German section on the service1.symantec.com subdomain, which is part of the international support site.

Cross-site scripting, also known as XSS, is one of the most common types of vulnerabilities on the Internet today. The bugs stem from a failure to properly sanitize input passed via forms, giving attackers the ability to pass content that gets interpreted as code.

More details here: http://news.softpedi...ng-145608.shtml