PayPal Bug Bounty Program

Persistent Input Validation Zero Day Patched by PayPal

PayPal patched a zero-day vulnerability this week in its core content management system. Researchers at Vulnerability Laboratory in Germany reported the flaw in June and withheld disclosure of the details until this week, when PayPal released a fix. Benjamin Kunz Mejri, a frequent PayPal bug hunter, said his team discovered a persistent input validation vulnerability in the address book module’s search function that would allow an attacker to remotely inject malicious script on the application side.
