14 DAY TRIAL // The product checkout page of ArcaBit’s Polish website presented vulnerabilities that could have allowed a hacker to execute a maliciously crafted arbitrary code.
Team Elite reports that two years ago the website had the same weaknesses, but after a redesign process, the site became once again vulnerable to cross-site scripting and iframe injection attacks.
XSS issues are considered to be the most common in websites, but it’s ironic when we find them on the page of a company that claims “security is their priority.”
ArcaBit is actually the website of the vendor that develops the ArcaVit antivirus solution, a product created by “high class experts, designers, programmers and implementation specialists, but also passionates.”
The issue was resolved one day after the disclosure, but it's highly unfortunate when someone is too busy with the more complex matters and they forget to take care of the simple things.