XSS vulnerabilities and antivirus vendors

Last week Team Elite, a team of white-hat hackers, disclosed Cross-Site Scripting (XSS) vulnerabilities on the sites of three antivirus vendors: Symantec, ESET, and Panda Security. All three vendors promptly closed the vulnerabilities. The mere fact that the sites of security specialists host such well-known vulnerabilities highlights how difficult it is to create clean, secure software or a clean, secure site.

XSS is probably one of the most widespread (and fastest-growing) vulnerabilities on the Web. The next issue of the security newsletter (#17, to be issued within a fortnight) will touch on XSS. XSS is to Web sites what buffer overflow is to normal software: a well-known issue that nevertheless keeps appearing.

The site of Team Elite is a nice repository of many vulnerabilities.

