Norton Update Center critical XSS vulnerability

Written by DP

Monday, 21 June 2010

According to security researcher "d3v1l" from Security-Shell, the Norton Update Center is vulnerable to cross-site scripting, redirects and HTML injection.

Malicious people could exploit this vulnerability to redirect Norton product users to drive-by download pages and infect them with malware, adware and spyware. If it fell into the wrong hands, those of a phisher or carder, the financial details of millions of customers could be exposed.

Norton Update Center XSS Mirror:

So be careful if you have already received a suspicious e-mail from Norton asking you to pay for extending your subscription. I say be careful because this security issue may have been known to people with malicious intent for quite a long time.

Let's hope that Symantec's security staff will quickly correct this flaw.


Norton Update Center XSS Defacement by d3v1l

View more screenshots here.

Symantec websites have been XSSed in the past:

Originally Published At:


Related News on XSSed:

Critical XSS bugs found today on, now fixed
Verisign, McAfee and Symantec sites can be used for phishing due to XSS
