XSS vulnerability found in McAfee HackerSafe sites

Share this article:
For the second time this year, a security researcher has found websites certified as McAfee HackerSafe that contain vulnerabilities.

Russ McRee, a security consultant for HolisticInfoSec.org, discovered a number of websites that carry the HackerSafe logo, but have been found to be vulnerable to cross-site scripting (XSS) errors. According to a blog post written by McRee, the vulnerabilities make it possible for hackers to access authentication credentials or send users to malicious websites.

“These sites all take credit card information and house consumer data,” McRee told SCMagazineUS.com on Wednesday. “Even though McAfee says it isn't a hack on the server, that's really false. It's easy to show ways to steal consumer data in the context of your server through the user's browsers through the function of this vulnerability.”

McRee said that this latest discovery comes several months after 60 e-commerce sites with the HackerSafe certification service logo were also found vulnerable.

McAfee said XSS are less severe than other vulnerabilities, and the presence of one on a website does not cause it to fail HackerSafe certification.

“McAfee rates vulnerabilities on a five point scale, Level 1 being less severe and Level 5 being more severe,” Francie Coulter, a McAfee spokeswoman, told SCMagazineUS.com on Wednesday. “XSS vulnerabilities are rated Level 2 within the McAfee system. McAfee's daily HackerSafe scan does an effective job identifying many different types of vulnerabilities, including XSS. When McAfee identifies XSS, it notifies its customers and educates them about XSS vulnerabilities.”

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.