Security Hero Rotating Header Image

Symantec Site Vulnerable to Cross-site Scripting Assaults

Symantec Site Vulnerable to Cross-site Scripting Assaults

According to Nemesis/t3am3lite (name of a website), Symantec’s site too is now open to XSS (cross-site scripting) attacks together with Iframe injections.

An XSS attack, according to security experts, launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as the end-user clicks on the hyperlink while on another site, or via any other mode of connection, the attacker compromises his data.

Similarly, the XSS flaw in Symantec’s website could enable hackers to grab the cookies that Symantec places on the hard-drives of user’s computers. The purpose of such cookies is to establish that a site user has already typed in a genuine password. Thus, the possibility of stealing the file is a result of a serious shortfall in Symantec’s security. This means that Symantec could let the visitor view the file since it regarded him as a person who had previously accessed the site.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31020

Leave a Reply

Your email address will not be published. Required fields are marked *