Researcher identifies XSS bug impacting Kaspersky website


A cross-site scripting (XSS) vulnerability has been discovered on the website for security software provider Kaspersky, according to a post on by E1337, the handle of the security researcher who identified the vulnerability and reported it on Tuesday.

The XSS bug puts users, visitors and administrators at risk of having their cookies, personal data, authentication credentials and browser history stolen by attackers, according to the post, which adds these are “probably the less dangerous consequences of XSS attacks.”

Since June 2014, researchers reported to 11 other XSS vulnerabilities affecting Kaspersky websites, many of which impacted Kaspersky's Brazilian and Latin American sites. In all cases Kaspersky mitigated the issue within a week.

A Kaspersky spokesperson could not immediately provide additional information to
