"McAfee, widely recognized as one of the leading providers of online security software for both home and business, appears to be struggling to secure its own Web sites, which at the time of writing this post, allow anyone with enough tech savvy to covertly do whatever they want on, and with, the site. During tests this weekend, we discovered the company who claims to "keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams," has several cross-site scripting (XSS) vulnerabilities and provides the bad guys with a brilliant - albeit ironic - launching pad from which to unleash their attacks"

I usually don't post entries involving XSS in specific sites, however McAfee offers a commercial service that detects these types of issues in your own site. So either they aren't checking their own site, or they do a poor job.

Read more: http://www.readwriteweb.com/archives/mcafee_enabling_malware_distribution_and_fraud.php