In an interview with Netcraft, Finnish security researcher Harry Sintonen reported a critical cross-site scripting vulnerability on paypal.com.
The vulnerability is made worse by the fact that the affected page uses an Extended Validation SSL certificate, which causes the browser’s address bar to turn green, assuring visitors that the site – and its content – belongs to PayPal.
