In the following paper, @strukt93 and me describe how we were able to find XSS flaws in 8 out of 9 top antivirus (AV) vendors websites in january 2016.

See how we did it and how vendors handled the situation when we reported it to them.

Check it here.

#hack2learn