PayPal fixes XSS vulnerability

PayPal fixed an XSS vulnerability today that drew some attention. Harry Sintonen reported an XSS vulnerability in the "safe" area of the PayPal application. It was particularly interesting because PayPal uses EV certs, which are intended to help prevent phishing attacks (a very real threat for a site like PayPal), but in this case may have aided an attacker, as the EV certs provide a trusted feel for application users.

I don't want to delve too deep into my thoughts on EV certs right now; I think that's a separate talk, especially as I'm not 100% on what my opinion is. I just posted this to let everyone know the bug has now been fixed.

-Nate
