
Cross-site scripting (XSS) Vulnerability reported on PayPal


PayPal is affected by an XSS vulnerability where it fails to validate input on the URL shown in the above image. PayPal fixed the vulnerability shortly after being notified that it had been publicly posted. XSS, in general, is a vulnerability that allows hackers to inject client-side script into web pages and modify how a user sees the page.

An attacker able to trick a user with a valid PayPal session into clicking a crafted version of the link below (this wouldn't be hard; think of a link on an eBay auction listing or a phishing e-mail, for example) could hijack the user's session and initiate financial transactions on their behalf, including money transfers. Alternatively, this legitimate URL could be used to redirect the user to a spoofed PayPal website designed to steal user credentials, which is a fairly common scam, except that in this case it would be more effective because the user would see an actual PayPal URL to click on.
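As an added illustration (not code from PayPal or from the original article), the sketch below shows the defect class described above, a URL value reflected into a page without encoding, next to a hardened version, together with mitigations for the two impacts mentioned: an allowlisted redirect and a session cookie that script cannot read. The `q` parameter, the `shop.example` host and all function names are assumptions made for the example.

```javascript
// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// BEFORE: the query value is copied into the page unchanged,
// so markup in the URL becomes markup in the response.
function renderVulnerable(url) {
  const q = new URL(url).searchParams.get("q") || "";
  return `<p>Results for: ${q}</p>`;
}

// AFTER: same page, with the value encoded for the HTML text context.
function renderHardened(url) {
  const q = new URL(url).searchParams.get("q") || "";
  return `<p>Results for: ${escapeHtml(q)}</p>`;
}

// Redirect targets are resolved against the site origin and accepted only
// if they are https and on an allowlisted host; anything else goes to "/".
function safeRedirect(target, origin, allowedHosts) {
  let parsed;
  try { parsed = new URL(target, origin); } catch { return "/"; }
  const ok = parsed.protocol === "https:" && allowedHosts.includes(parsed.hostname);
  return ok ? parsed.href : "/";
}

// HttpOnly keeps injected script from reading the session id. It does not
// stop script-issued requests, so output encoding remains the primary fix.
function sessionCookie(id) {
  return `sid=${encodeURIComponent(id)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample input (hypothetical host and parameter).
const SAMPLE = "https://shop.example/search?q=" +
  encodeURIComponent("<script>alert(1)</script>");

console.log(renderVulnerable(SAMPLE));
console.log(renderHardened(SAMPLE));
console.log(safeRedirect("//login.invalid/signin", "https://shop.example", ["shop.example"]));
console.log(sessionCookie("abc123"));
```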

[Source]