A Security Researcher and Bug Hunter , Rafay Baloch has discovered a Non-Persistent Cross Site Scripting vulnerability in the websites belong to Internet Security giants : Mcafee and Symantec.
The download parameter in the Product Advisory Council sub-domain of McAfee(portal.mcafee.com) is found to be vulnerable to xss attack.
Researcher claimed that he notified McAfee about the xss vulnerability several times but they refused to fix.
McAfee xss |
Reflected xss in Symantec |
Few weeks before, he discovered xss in Storage Foundation DocCentral sub domain of Symantec(sfdoccentral.symantec.com) and sent notification to them. Symantec immediately fixed the vulnerability but McAfee fails to.
At the time of writing, The vulnerability is not yet patched.