Nasdaq's website contained a significant cross-site scripting vulnerability before it was fixed Monday, according to High-Tech Bridge, a penetration-testing company. The flaw remained in place for two weeks after the company notified Nasdaq staff about it, CEO Ilia Kolochenko said. "We responded to his concerns immediately," Nasdaq said in a statement. "We take all information security matters seriously. We work with leading security vendors and have a trained and professional team that evaluates all credible threats across our digital assets."