HTML Injection in Symantec.com
Title : HTML Injection in Symantec.com Vuln URL : http://www.symantec.com/business/support/index?page=content&id= Author : Yogesh D Jaygadkar Reported : July 02, 2012 Fixed : July 03, 2013 Public Released : July 03, 2013 OS : Win7, Win XP, Ubuntu Description: HTML injection is a type of attack focused upon the way HTML content is generated and interpreted by browsers at client side. so if an attacker embeds html/script tags such <html>, <SCRIPT> , <OBJECT> , <APPLET> , or <EMBED> into a web site, the web browser's JavaScript engine will execute it. While searching about some anti-virus related information i found that Symantec Antivirus official website is vulnerable to HTML Injection. Attacker can add HTML Tags into URL to execute html code on website. Screenshot 1 : Screenshot 2 :