Kaspersky Site Vulnerable to Cross-site Scripting Assaults
Kaspersky Lab site is now open to XSS (cross-site scripting) attacks together with Iframe injections. This is not good for any company, especially for a company dealing with security.
An XSS attack launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as the end-user clicks on the hyperlink while on another site, or via any other mode of connection, the attacker compromises his data.
Here is a screenshot of the bug:
Vulnerable link: KasperskyXSS
Source : http://www.reddit.com/r/xss/comments/k0pi3/kasperskycom_xss/
Update : the Vulnerability have been fixed