A cross-site scripting (XSS) vulnerability impacting a Kaspersky website was addressed by the security software company two days after a researcher, known as E1337, identified the issue and posted about it on xssposed.org.
Kaspersky was made aware of the vulnerability on Wednesday and an in-house security specialist addressed it within 24 hours, a spokesperson told SCMagazine.com in a Thursday email.
Initial analysis shows no evidence of the flaw being exploited by attackers for malicious purposes, and the issue has had no effect on business or customer data, the spokesperson said, adding measures will be taken to prevent similar incidents in the future.
“Kaspersky Lab's websites are designed to only allow a very limited range of third-party scripts to function, so it is highly unlikely that any malicious scripts could be successfully executed, even if attempted,” according to Kaspersky.