Two days after the report of the PayPal Sandbox XSS, which was finally corrected within a very short time, "d3v1l" from Security-Sh3ll has notified us about a new XSS affecting the PayPal mobile SSL site. The "sender_country" parameter does not properly sanitize input, thus allowing for XSS attacks and potentially malicious redirects to take place, i.e. "><meta http-equiv="Refresh" content="0;url=http://www.malicious.link/"
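
The missing input handling described above, shown as an added example (not PayPal's code and not part of the original report): an unescaped reflection next to a hardened one that validates the value and encodes it on output. It assumes "sender_country" is echoed into an HTML attribute value, which the leading "> of the reported string suggests; the function names and the hidden-field markup are hypothetical.

```javascript
// Added illustration; the handler shape and markup are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow-list validation: a country code has the shape of two ASCII letters.
// Arrays or objects produced by a query-string parser are rejected too.
function parseCountry(raw) {
  if (typeof raw !== 'string') return null;
  return /^[A-Za-z]{2}$/.test(raw) ? raw.toUpperCase() : null;
}

// Flawed pattern: the parameter is concatenated into markup untouched, so a
// value starting with "> ends the attribute and the tag.
function renderVulnerable(raw) {
  return '<input type="hidden" name="sender_country" value="' + raw + '">';
}

// Hardened pattern: reject anything that is not a country code, and still
// encode on output so a later change to the validator cannot reopen the hole.
function renderHardened(raw) {
  const code = parseCountry(raw);
  if (code === null) {
    return { status: 400, body: 'Invalid sender_country' };
  }
  const field = '<input type="hidden" name="sender_country" value="' +
    escapeHtml(code) + '">';
  return { status: 200, body: field };
}

// The string quoted in the report, used here only as a regression input.
const REPORTED_INPUT =
  '"><meta http-equiv="Refresh" content="0;url=http://www.malicious.link/"';

// Regression check: true when the reported input is rejected outright and
// its encoded form contains no markup-significant characters.
function reportedInputIsNeutralised() {
  const encoded = escapeHtml(REPORTED_INPUT);
  return renderHardened(REPORTED_INPUT).status === 400 &&
    !/[<>"]/.test(encoded);
}
```

Validation alone would stop this particular string, but output encoding is what keeps other reflected fields that must accept free text from breaking out of the attribute.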