Vulnerability Management

Kaspersky quickly addresses XSS flaw impacting company website

A cross-site scripting (XSS) vulnerability impacting a Kaspersky website was addressed by the security software company two days after a researcher, known as E1337, identified the issue and posted about it on xssposed.org.

Kaspersky was made aware of the vulnerability on Wednesday and an in-house security specialist addressed it within 24 hours, a spokesperson told SCMagazine.com in a Thursday email.

Initial analysis shows no evidence of the flaw being exploited by attackers for malicious purposes, and the issue has had no effect on business or customer data, the spokesperson said, adding measures will be taken to prevent similar incidents in the future.

“Kaspersky Lab's websites are designed to only allow a very limited range of third-party scripts to function, so it is highly unlikely that any malicious scripts could be successfully executed, even if attempted,” according to Kaspersky.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.