Un0wn_X has discovered 13 XSS exploits on Paypal’s official domain. He told ZeroSecurity that he contacted Paypal with no response and has decided release the information.
You can view his E-mail below:
Hello Recently a XSS vulnerability had been found on Paypal and I researched more and more. I found out that 13 more countries are affected with this xss attack.
- https://www.paypal.com/ch/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/au/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/nl/cgi-
bin/searchscr?cmd=_sitewide- search https://www.paypal.com/be/cgi- bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/jp/cgi-
bin/searchscr?cmd=_sitewide- searchhttps://www.paypal.com/cn/cgi- bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/fr/cgi-
bin/searchscr?cmd=_sitewide- search https://www.paypal.com/de/cgi- bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/ie/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/ca/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/es/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/uk/cgi-
bin/searchscr?cmd=_sitewide- search - https://www.paypal.com/pl/cgi-
bin/webscr?cmd=_sitewide- search
