Security researcher Dhaval Chauhan reported an XSS vulnerability in Symantec's eval.symantec.com website. After visiting a specially crafted URL and clicking through certain options in the Flash media presented, the injected code is executed in the victim's browser.
Symantec offers "industry-leading Web protection" through their various software, appliance, and service offerings.