DOM Based XSS in AVG
2012-02-24
Rafay
Lately, I have been researching DOM based XSS a bit, and recently I found a DOM based XSS in AVG. DOM based XSS is caused by a lack of input filtering inside client-side JavaScript. Since most of the code is moving towards the client side, DOM based XSS has become very common nowadays. Experts predict that DOM based XSS mostly occurs in websites that rely heavily on JavaScript.
[...]
I would like to give full credit to David Vieira-Kurz from Majorsecurity.com (@secalert) for helping me sort out the vulnerable code.
Yet another security researcher, David Sopas also found the same issue but on the English version of the site:
http://labs.davidsopas.com/2013/01/avg-vulnerable-to-dom-xss.html