Cross-site scripting (XSS) Vulnerability reported on Paypal

Mar 22, 2012Mohit Kumar

Cross-site scripting (XSS) Vulnerability reported on Paypal

The Hacker News

Paypal is affected by an XSS vulnerability where it fails to validate input on URL shown in above image. PayPal fixed the vulnerability shortly after being notified that its publicly posted. XSS, in general is a vulnerability that allows hackers to inject client side script on webpages and can modify how a user sees the webpage

An attacker able to trick a user with a valid Paypal session into clicking a crafted version of the link below (wouldn't be hard, think a link on an eBay auction listing or a phishing e-mail for example) could hijack the user's session and initiate financial transactions on their behalf including money transfers. Alternatively this legitimate URL could be used to redirect the user to a spoofed PayPal web site designed to steal user credentials, which is a fairly common scam except in this case more effective as the user would see an actual PayPal URL to click on.

[Source]

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Cross site scripting Hacker News News Vulnerability

Popular Resources

Cybersecurity Webinars

Proven PAS Strategies

Learn How Experts Secure Privileged Accounts

Discover proven strategies to secure privileged accounts and prevent escalation in this expert-led webinar.

Learn from a CISO

Understanding Blind Spots in Advanced Security Systems

Learn why top organizations with advanced solutions still face breaches and how to fortify your defenses.

Breaking News

Cybersecurity Resources

Cloud Risk Self-Assessment Checklist

Ready to secure your cloud? Easily evaluate and uncover cloud risk with this simple checklist to help strengthen your security posture.

Safeguard Your Sensitive Data Against Evolving Threats

Learn key strategies to secure your SaaS environment.

Your Security Checklist for AI-Powered SaaS

The report covers AI SaaS risks like data usage, T&Cs, and compliance, plus a security checklist.

Cybersecurity with Georgetown

Earn a Master's in Cybersecurity Risk Management

Lead the future of cybersecurity risk management with an online Master's from Georgetown.

Expert Insights / Articles Videos

Expert Insights

Securing Open Source: Lessons from the Software Supply Chain Revolution

December 2, 2024 Read ➝

Expert Insights

5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365

December 2, 2024 Read ➝

Expert Insights

Defensible Security Architecture and Engineering: Designing and Building Defenses for the Future

November 25, 2024 Read ➝

Expert Insights

Breathing New Life into a Stagnant AppSec

November 14, 2024 Read ➝