[Prakhar published a blog post containing XSS PoC's for multiple Security vendors including Symantec (Norton), AVG, Avira, BitDefender, McAfee, and TrendMicro. Most of these companies sell software, appliances, and/or services that include web security.]
Here's an XSS Gallery showing Flash-based XSS issues on top Security Solution Vendors.
Issues here are found by me and my friend +dhaval chauhan
UPDATE: This post was taken down initially in May, as at that time vendors were not informed. Then was republished on 7th June 2013 01:25AM IST.
Avira, F-Secure and Norton [Partially] have addressed the issues shown here.Others haven't fixed yet, all vendors were notified before.