The payment processor addressed the issue after being notified of its existence

Oct 5, 2012 08:48 GMT
PayPal addresses input validation vulnerability on the "Send an eCard" section of its website

Back in June, Ibrahim M. El-Sayed, a member of the Vulnerability Lab research team, identified a persistent script code injection flaw that affected PayPal’s official website.

“A persistent input validation vulnerability is detected in the official Paypal ecommerce website content management system. The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent),” reads the advisory issued by the company.

“The persistent vulnerability is located in the Gift & eCard module with the bound vulnerable title or message parameters.”

If exploited successfully, the medium-severity bug could be leveraged to hijack administrator sessions, steal accounts and manipulate context. Another noteworthy fact is that an attack doesn’t require a high level of user interaction.

Vulnerability Lab representatives told Softpedia that the issue was addressed on September 20.

Since the security firm has identified numerous vulnerabilities on the payment processor’s website, PayPal and Vulnerability Lab have started collaborating on a regular basis. For this particular security hole, PayPal has awarded the researchers $1,000 (800 EUR).