PayPal's send money feature suffered from a cross site scripting vulnerability.
3de760a1d3613532edb3bcb89657f899c49fc5641c61f9d37414668b5825366f--------------------------------------------------------------------------------
1. Summary:
PayPal's send money feature is affected by an XSS (cross-site scripting)
vulnerability.
--------------------------------------------------------------------------------
2. Description:
When sending money via PayPal, the sender has an option to input a message
along with the money being sent. A malicious attacker can inject XSS code
into this message box because it fails to validate input. When the victim
goes to view the transaction page the injected code will execute.
--------------------------------------------------------------------------------
3. Impact:
Potentially allow an attacker access to a victim’s PayPal account.
--------------------------------------------------------------------------------
4. Affected Products:
www.paypal.com
--------------------------------------------------------------------------------
5. Solution: None
--------------------------------------------------------------------------------
6. Time Table:
12/06/2010 Reported Vulnerability to the Vendor
12/07/2010 Vendor Acknowledge Vulnerability
--------------------------------------------------------------------------------
7. Credits:
Discovered by Nathan Power
www.securitypentest.com
--------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed