Search This Blog

Powered by Blogger.

Blog Archive

Labels

Rafay Baloch found Non-persistent XSS vulnerability in Mcafee and Symantec

A Security Researcher and Bug Hunter , Rafay Baloch has discovered a Non-Persistent Cross Site Scripting vulnerability in Mcafee and Symantec websites

A Security Researcher and Bug Hunter , Rafay Baloch has discovered a Non-Persistent Cross Site Scripting vulnerability in the websites belong to Internet Security giants : Mcafee and Symantec.

The download parameter in the Product Advisory Council sub-domain of McAfee(portal.mcafee.com) is found to be vulnerable to xss attack.

Researcher claimed that he notified McAfee about the xss vulnerability several times but they refused to fix.

McAfee xss


Reflected xss in Symantec

Few weeks before, he discovered xss in Storage Foundation DocCentral sub domain of Symantec(sfdoccentral.symantec.com) and sent notification to them. Symantec immediately fixed the vulnerability but McAfee fails to.

At the time of writing, The vulnerability is not yet patched.
Share it:

Breaking News

Cyber Security News

hacker news

Non Persistent XSS

Rafay Baloch

Vulnerability