This vulnerability allows steal money, cookies, infection with exploit-pack and much, much more. If the user go to the "Send Money" tab, then vulnerability is exploited. The vulnerability has not been reported to PayPal Sec-Team. PayPal developers possibly do not know about its existence.
This is private exploit. You can buy it at https://0day.today