PayPal is again vulnerable to XSSWritten by DPSaturday, 23 June 2007Update: The vulnerabilities have been fixed by paypal on july, 8th 2007.
This is not the first time that PayPal is vulnerable to cross-site scripting... 142TeeTH has discovered and submitted to us the two XSS vulnerabilities affecting PayPal.com.
According to him, PayPal's technical staff are already aware of the issues. We just hope they resolve them in a timely manner for the sake of their users and business.
Currently it appears that the XSS vectors work with the latest version of Firefox and Internet Explorer.
Mirrors of the PayPal XSS | 22-06-2007:
PayPal was XSSed a few times in the past by fraudsters:
|