Norton Update Center critical XSS vulnerability
Written by DP
Monday, 21 June 2010
According to security researcher "d3v1l" from Security-Shell, the Norton Update Center is vulnerable to cross-site scripting, redirects and HTML injection.
Malicious people could exploit this vulnerability to redirect Norton product users to drive-by download pages and infect them with malware, adware and spyware. In the hands of a phisher or carder, it could expose the financial details of millions of customers.
So be careful if you have already received a suspicious e-mail from Norton asking you to pay to extend your subscription. I say be careful because this security issue may have been known to people with malicious intent for quite a long time.
Let's hope that Symantec's security staff will quickly correct this flaw.
Symantec websites have been XSSed in the past:
Related News on XSSed:
Critical XSS bugs found today on Symantec.com, now fixed
Verisign, McAfee and Symantec sites can be used for phishing due to XSS