DOM Based XSS In AVG
With that being said, let's take a look at the DOM based XSS POC:
The vulnerability is the result of a lack of escaping in "js_stdfull.js". The following is a screenshot of the vulnerable code causing the DOM based XSS:
//display the correct tab based on the url (#name)
var pathname = $(location).attr('href');
var urlparts = pathname.split("#");
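One way to handle the "#name" fragment safely, added here as an example (it is not AVG's code and not part of the original post). It assumes the fragment is only meant to pick one of a fixed set of tabs; the tab names, function names and sample URLs are hypothetical.

```javascript
// Added example: the URL fragment is attacker-controllable, so map it to a
// known tab id instead of passing it on to markup or a selector.
const ALLOWED_TABS = new Set(["overview", "features", "download"]); // assumed tab ids
const DEFAULT_TAB = "overview";

// Return the percent-decoded fragment of a URL string, or "" if absent or malformed.
function fragmentOf(href) {
  const idx = href.indexOf("#");
  if (idx === -1) return "";
  try {
    return decodeURIComponent(href.slice(idx + 1));
  } catch (e) {
    return ""; // malformed percent-encoding is treated as "no fragment"
  }
}

// Allowlist check: anything that is not a known tab id falls back to the default.
function selectTab(href) {
  const name = fragmentOf(href);
  return ALLOWED_TABS.has(name) ? name : DEFAULT_TAB;
}

// Escape text for HTML element content or quoted attribute values,
// for the case where the fragment really has to be echoed into the page.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample URLs (not taken from the original page).
const samples = [
  "https://example.test/page#features",
  "https://example.test/page#<img src=x onerror=alert(1)>",
  "https://example.test/page#%E0%A4%A",
];
for (const href of samples) {
  console.log(selectTab(href), "|", escapeHtml(fragmentOf(href)));
}
```
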
I would like to give full credit to David Vieira-Kurz from Majorsecurity.com (@secalert), for helping me sort out the vulnerable code.
Yet another security researcher, David Sopas, also found the same issue but on the English version of the site: