Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » PayPal fixes XSS flaw that allowed access to unencrypted credit card details

PayPal fixes XSS flaw that allowed access to unencrypted credit card details

2015/08/27

Softpedia - (International) PayPal addressed a cross-site scripting (XSS) flaw on the Web site's SecurePayments page in which an attacker could inject customized payment forms into the page HyperText Markup Language (HTML) in order to intercept user financial and PayPal login information in clear text. [ed.: For more, read this post in the Optimal Security blog.]

Source: http://news.softpedia.com/news/paypal-fixes-xss-flaw-that-allowed-access-to-unecrypted-credit-card-details-490217.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:25:07