PayPal fixes XSS vulnerability

PayPal fixed an XSS vulnerability today that drew some attention. Harry Sintonen reported an XSS vulnerability in the "safe" area of the PayPal application. It was particularly interesting because PayPal uses Extended Validation (EV) certs, which are intended to help prevent phishing attacks (a very real threat for a site like PayPal), but in this case they may have aided an attacker, as the EV certs give application users a feeling of trust.

I don't want to delve too deep into my thoughts on EV certs right now; I think that's a separate talk, especially as I'm not 100% on what my opinion is. I just posted this to let everyone know the bug has now been fixed.

-Nate
