PayPal XSS Vulnerability

by certifiedbug on May 18, 2008

in Security

In an interview with Netcraft, Finnish security researcher Harry Sintonen reported a critical cross-site scripting vulnerability on paypal.com.

Netcraft

The vulnerability is made worse by the fact that the affected page uses an Extended Validation SSL certificate, which causes the browser’s address bar to turn green, assuring visitors that the site – and its content – belongs to PayPal.
