Flash-based XSS Mayhem: Most Security Solution Vendors Vulnerable [Symantec, AVG, Avira, BitDefender, McAfee, TrendMicro]

2013-06-07

Prakhar Prasad and Dhaval Chauhan

http://blog.prakharprasad.com/2013/05/flash-based-xss-mayhem-most-security.html

[Prakhar published a blog post containing XSS PoCs for multiple security vendors including Symantec (Norton), AVG, Avira, BitDefender, McAfee, and TrendMicro. Most of these companies sell software, appliances, and/or services that include web security.]

Here's an XSS Gallery showing Flash-based XSS issues on top Security Solution Vendors.

Issues here were found by me and my friend Dhaval Chauhan.

UPDATE: This post was taken down initially in May, as at that time vendors were not informed. It was then republished on 7th June 2013 at 01:25 AM IST.

Avira, F-Secure and Norton [partially] have addressed the issues shown here. Others haven't fixed them yet; all vendors were notified before.

