A couple of weeks ago, while doing some research for a paper I have been working on, I found two XSS vulnerabilities in the Symantec Learning Management System (symlms.symantec.com) and the Enterprise Support Login Page (seer.entsupport.symantec.com).

On average, it is easy to find XSS vulnerabilities on the Internet, but finding an XSS issue on a website that is owned and administered by a security services company is quite something. I reported both vulnerabilities as soon as I discovered them, and the security team at Symantec was quite appreciative and welcoming of my disclosures.

More details on my blog: A Programmer's Rhapsody: XSS vulnerabilities in Symantec websites