Vulnerability Lab experts identify another flawed high-profile website

Feb 28, 2012 09:21 GMT  ·  By

Security researchers from the Vulnerability Lab, Aditya Gupta and Ucha Gobejishvili, identified a non-persistent cross-site scripting (XSS) vulnerability on the official website of the world renowned technology provider Adobe.

The remotely exploitable, medium severity security hole could allow an attacker to hijack customer sessions and even steal accounts, launch phishing attacks, and manipulate context.

For the vulnerability to be successfully exploited, some social engineering is required, but as practice proved many times before, this is not hard to accomplish for a skilled cybercriminal.

The vendor has been notified of the flaw present in the Login, the Groups Adobe – Search, and the nocophoto Groups Adobe - Search Author modules.

Other vulnerabilities identified recently by Aditya Gupta and the Georgian security expert Ucha Gobejishvili include flaws in Skype Shop, Google+, Microsoft’s MSN Solutions Center, and Yahoo’s Babelfish translator.