
Researcher identifies XSS bug impacting Kaspersky website

July 9, 2014

A cross-site scripting (XSS) vulnerability has been discovered on the website for security software provider Kaspersky, according to a post on by E1337, the handle of the security researcher who identified the vulnerability and reported it on Tuesday.

The XSS bug puts users, visitors and administrators at risk of having their cookies, personal data, authentication credentials and browser history stolen by attackers, according to the post, which adds these are “probably the less dangerous consequences of XSS attacks.”

Since June 2014, researchers reported to 11 other XSS vulnerabilities affecting Kaspersky websites, many of which impacted Kaspersky's Brazilian and Latin American sites. In all cases Kaspersky mitigated the issue within a week.

A Kaspersky spokesperson could not immediately provide additional information to
