PayPal Cross Site Scripting

2010-03-28T00:00:00
ID PACKETSTORM:87735
Type packetstorm
Reporter Wesley Kerfoot
Modified 2010-03-28T00:00:00

Description

                                        
PayPal is affected by an XSS vulnerability where it fails to validate input for the following URL:

https://www.paypal.com/xclick/business=

One can add arbitrary JavaScript with no need for any filter evasion.

https://www.paypal.com/xclick/business=<script> alert("xss"); </script>

As far as I know only the above URL is affected. All of the usual XSS attacks will work with this.

Cheers.
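The reflection described above and its server-side fix, as an added example that is not code from PayPal or from the reporter. The page template, the function names and the allow-list pattern for the `business` value are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

PREFIX = "/xclick/business="  # path shape taken from the advisory

# Assumption: a legitimate value is a merchant e-mail address or a short ID.
BUSINESS_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}(@[A-Za-z0-9.-]{1,255})?")

# Hypothetical template; the advisory does not show the real page markup.
TEMPLATE = "<html><body><p>Paying: {business}</p></body></html>"


def extract_business(path):
    """Return the percent-decoded value that follows /xclick/business=."""
    if not path.startswith(PREFIX):
        raise ValueError("not an xclick path")
    return unquote(path[len(PREFIX):])


def render_unsafe(path):
    """The flaw as described: the value is copied into the HTML unchanged."""
    return TEMPLATE.format(business=extract_business(path))


def render_encoded(path):
    """Output encoding only: markup characters become inert entities."""
    value = html.escape(extract_business(path), quote=True)
    return TEMPLATE.format(business=value)


def render_safe(path):
    """Allow-list validation first, HTML encoding on output regardless."""
    value = extract_business(path)
    if not BUSINESS_RE.fullmatch(value):
        return 400, TEMPLATE.format(business="invalid merchant")
    return 200, TEMPLATE.format(business=html.escape(value, quote=True))


if __name__ == "__main__":
    # Constructed inputs: the advisory's own test string, raw and percent-encoded.
    for p in (PREFIX + '<script> alert("xss"); </script>',
              PREFIX + "%3Cscript%3E%20alert(%22xss%22)%3B%20%3C%2Fscript%3E",
              PREFIX + "seller@example.com"):
        print(render_safe(p)[0], "<script>" in render_unsafe(p), render_encoded(p))
```

Decoding before validation matters here: the percent-encoded form of the same string reaches the template as identical markup, so a check applied to the raw path would miss it.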