A couple of Indian hackers discovered the vulnerability

Mar 12, 2012 12:20 GMT

The official website of PayPal, the popular online commerce business that facilitates payments via the Internet, was found to contain a cross-site scripting (XSS) vulnerability by Indian hackers Vansh and Vaibhuv.

The Hacker News reports that the security hole exists because the site isn’t designed to validate input.

XSS vulnerabilities are dangerous and, depending on their severity, they can allow an attacker to cause serious damage to a site. In this case, however, the flaw can only be leveraged to alter the site’s appearance if the user is convinced to click on a specially crafted link.

It’s uncertain at this point if PayPal is aware of the flaw, but for the safety of the site’s customers, hopefully, the issue will be addressed.

In November 2011, the same security experts identified a similar vulnerability on the official AOL Energy website.