Lucene search
+L

PayPal Germany Cross Site Scripting

🗓️ 14 Jun 2013 00:00:00Reported by Samuel AlpType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 42 Views

PayPal Germany XSS vulnerability reported but not fixe

Code
`Hi People  
  
Found a XSS on german Paypal website last week and reported it exactly 7  
days ago.  
Their response was one we very well know  
Another researcher already discovered the bug.  
  
So, someone else found the Vulnerability before me and reported it.  
Fine, looks like I was too slow. I can live with that.  
  
Now, i received an answer exactly 7 Days ago. That means they had more than  
a week to fix this  
  
  
https://www.paypal.de/Einkaufswelt/H%C3%A4ndlerverzeichnis/?c=" ||  
alert('XSS') || "  
  
All they'd have to do is escape quotation marks or remove them since  
they're not used anyways.  
The Approximate time that takes is ~15 Seconds.  
  
I am amazed by how long it takes some huge companys to close holes in their  
websites  
  
  
  
______________________________________________________  
Samuel Alp  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation