PayPal has fixed an XSS vulnerability in the user wallet currency converter

PayPal has fixed a cross-site scripting (XSS) vulnerability in the currency converter of user wallets.

The vulnerability, described as a "reflected XSS and CSP bypass" issue, was first reported on HackerOne by a bug hunter nicknamed "Cr33pb0y".

The bug was found in the currency conversion feature of PayPal wallets on the PayPal web domain.

In a report released Feb. 10, almost a year after the researcher privately reported the issue, PayPal said the bug was in the currency conversion endpoint and was caused by a failure to properly sanitize user input.

A vulnerable URL parameter failed to "clean up" the input, allowing threat actors to inject malicious JavaScript, HTML or any other code "that the browser could execute", the advisory states.


As a result, malicious payloads could be triggered in the Document Object Model (DOM) of a victim's browser page without their knowledge or consent.

Typically, reflected XSS attacks "reflect" scripts from a web source to a browser and may require a victim to click on a malicious link for activation. Payloads can be used to steal cookies, session tokens or account information, or they could be used as a step in wider attacks.

Following the disclosure of the vulnerability, PayPal has now implemented additional validation checks on user input in the currency exchange feature to eliminate the error.

No CVE has been assigned, but the vulnerability has been categorized as moderate. The researcher was given $2,900 as a financial reward.
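The kind of server-side check this fix implies, as an added example that is not taken from PayPal's advisory or code: a hypothetical converter handler whose parameter names (`from`, `to`, `amount`) and currency list are assumptions, showing the reflecting pattern beside a version that validates against an allowlist and still encodes on output.

```javascript
// Hypothetical currency-converter rendering; names and currency list are assumed.
const SUPPORTED = new Set(['USD', 'EUR', 'GBP', 'JPY']);

// Encode the HTML-significant characters for element and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Vulnerable pattern: query values are reflected into markup unchanged.
function renderUnsafe(query) {
  return `<p>Converting ${query.amount} ${query.from} to ${query.to}</p>`;
}

// Strict validation: only known currency codes and a plain decimal amount pass.
// The typeof checks also reject repeated parameters parsed as arrays.
function validate(query) {
  const { from, to, amount } = query;
  for (const code of [from, to]) {
    if (typeof code !== 'string' || !SUPPORTED.has(code)) {
      return { ok: false, error: 'unsupported currency' };
    }
  }
  if (typeof amount !== 'string' || !/^\d{1,12}(\.\d{1,2})?$/.test(amount)) {
    return { ok: false, error: 'invalid amount' };
  }
  return { ok: true, value: { from, to, amount } };
}

// Hardened pattern: validate first, then encode anyway as defence in depth.
function renderSafe(query) {
  const v = validate(query);
  if (!v.ok) {
    return { status: 400, body: `<p>${escapeHtml(v.error)}</p>` };
  }
  const { from, to, amount } = v.value;
  return {
    status: 200,
    body: `<p>Converting ${escapeHtml(amount)} ${escapeHtml(from)} to ${escapeHtml(to)}</p>`,
  };
}

// Constructed sample input: markup where a currency code is expected.
const hostile = { from: 'USD', to: '<b>EUR</b>', amount: '10' };
console.log(renderUnsafe(hostile));      // markup reaches the page unchanged
console.log(renderSafe(hostile).status); // request is rejected
```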


Teo Ehc