PayPal security

Persistent Input Validation Zero Day Patched by PayPal

PayPal patched a zero-day vulnerability this week in its core content management system. Researchers at Vulnerability Laboratory in Germany reported the flaw in June and withheld disclosure of the details until this week when PayPal released a fix. Benjamin Kunz Mejri, a frequent PayPal bug hunter, said his team discovered a persistent input validation vulnerability in the address book module’s search function that would allow an attacker to remotely inject malicious script on the application side.

PayPal Fixes Trio of Remote-Access Vulnerabilities

PayPal has repaired three remote-access vulnerabilities found in different areas of its website, including a cross-site scripting (XSS) flaw on its PayPal Community Forum. All three flaws were submitted to PayPal’s Bug Bounty Program. Researcher Benjamin Kunz Mejri of Vulnerability-Lab reported the security vulnerabilities to PayPal in September; patches were released in late October, according to an advisory posted this week to the Full Disclosure list.
