PayPal is again vulnerable to XSS

Written by DP

Saturday, 23 June 2007

Update: The vulnerabilities have been fixed by paypal on july, 8th 2007.

This is not the first time that PayPal is vulnerable to cross-site scripting... 142TeeTH has discovered and submitted to us the two XSS vulnerabilities affecting

According to him, PayPal's technical staff are already aware of the issues. We just hope they resolve them in a timely manner for the sake of their users and business.

Currently it appears that the XSS vectors work with the latest version of Firefox and Internet Explorer.

Mirrors of the PayPal XSS | 22-06-2007:

PayPal was XSSed a few times in the past by fraudsters:

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.