PayPal is again vulnerable to XSS

Written by DP

Saturday, 23 June 2007

Update: The vulnerabilities have been fixed by paypal on july, 8th 2007.

This is not the first time that PayPal is vulnerable to cross-site scripting... 142TeeTH has discovered and submitted to us the two XSS vulnerabilities affecting PayPal.com.

According to him, PayPal's technical staff are already aware of the issues. We just hope they resolve them in a timely manner for the sake of their users and business.

Currently it appears that the XSS vectors work with the latest version of Firefox and Internet Explorer.

Mirrors of the PayPal XSS | 22-06-2007:

http://www.xssed.com/mirror/10404/
http://www.xssed.com/mirror/10405/

PayPal was XSSed a few times in the past by fraudsters:

PayPal XSS Exploit available for two years? - Paul Mutton, Netcraft | Jul 20, 2006
PayPal Security Flaw allows Identity Theft - Paul Mutton, Netcraft | Jun 16, 2006