Website flaws will always be discovered, but important is how fast they are dealt with

Dec 18, 2011 15:46 GMT  ·  By

Team Elite has published a proof of concept to show a cross-site scripting (XSS) and an iframe injection flaw in Kaspersky’s Polish product store (softbuy.pl/kaspersky/store).

It seems that the product purchase page contains some weaknesses which could allow a hacker to execute arbitrary code.

It’s not uncommon for these vulnerabilities to be taken advantage of by hackers and that’s why it’s always recommended to make sure the holes are quickly patched up when they’re discovered.

I have contacted Kaspersky to see if anything has been done so far to resolve the situation. As always, they’ll probably reply in the shortest time, so stay tuned to find out how the flaws are handled.

Not long ago, hackers attacked what they believed to be one of Kaspersky’s sites, but at the time they ended up defacing a website set up by cybersquatters to attract unsuspecting users who may fall for their cleverly planned schemes.