A low severity and client-side redirect web vulnerability is detected in the official chinese (CN) PayPal Inc web application service. The vulnerability allows remote attackers to form malicious links as client-side GET method requests to manipulate a return link.
The vulnerability is located in the login (php) module of the GET method request to the return link
go parameter. Remote Attackers can
manipulate the client-side GET method request to redirect the victim via mouse-over to an external malicious source/website. The issue
is only visible by using the mouse-over a link to open to run the client-side script code. A direct inject via document.cookie in the go
parameter by not using the echo link is not possible. The security risk of the non-persistent web vulnerability
in the ref go value is estimated as medium with a cvss (common vulnerability scoring system) count of 1.5(+).
The vulnerability can be exploited by remote attackers without privileged application user account and with medium required user interaction. Successful exploitation results in client side cross site scripting, client-side session hijacking, client side phishing or malicious redirects to external targets/sources.
Vulnerable Module(s): [+] Login (login.php)
Vulnerable Module(s): [+] ?go
Affected Module(s): [+] PayPal ReturnTo Button and Login Link