Netcraft is reporting a cross-site scripting (XSS) vulnerability at PayPal. Because PayPal uses an Extended Validation SSL certificate, the abuse potential is somewhat higher, as we described in an article in March. "Harry Sintonen discovered the vulnerability and announced it to other web application security specialists in an Internet Relay Chat (IRC) channel today. Sintonen told Netcraft that the issue was critical, adding that, 'you could easily steal credentials,' and, 'PayPal says you can trust the URL if it begins with https://www.paypal.com,' which is not true in this case."