Back in June, Ibrahim M. El-Sayed, a member of the Vulnerability Lab research team, identified a persistent script code inject flaw that affected PayPal’s official website.
“A persistent input validation vulnerability is detected in the official Paypal ecommerce website content management system. The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent),” reads the advisory issued by the company.
“The persistent vulnerability is located in the Gift & eCard module with the bound vulnerable title or message parameters.”
If exploited successfully, the medium-severity bug could be leveraged to hijack administrator sessions, steal accounts and manipulate context. Another noteworthy fact is that an attack doesn’t require a high level of user interaction.
Vulnerability Lab representatives told Softpedia that the issue was addressed in September 20.
Since the security firm has identified numerous vulnerabilities
on the payment processor’s website, PayPal and Vulnerability Lab have started collaborating on a regular basis. For this particular security hole, PayPal has awarded the researchers with $1,000 (800 EUR).