PayPal plugs mobile site phishing risk2010-09-30 11:07 by DanielaTags: PayPal, XSS, security
PayPal has fixed a cross-site scripting problem on its mobile payments site that, left unaddressed, had the potential for misuse in phishing attacks. The vulnerability, discovered by hacking and security site Security-Shell, also created a possible mechanism for hackers to redirect surfers from mobile.paypal.com onto untrusted sites. In a statement issued on Wednesday, PayPal said that it had plugged the website vulnerability.
Cross-site scripting (XSS) vulnerabilities arise from web application development mistakes and mean that attackers can inject script or pop-ups from untrusted sites that would appear to surfers as originating from the site they are visiting. Cross-site scripting accounts for 51 per cent of all vulnerabilities uncovered by web application testing firm VeraCode, according to a recent survey. Source: Theregister
Post your review/comments
rate:
avg:
![]() ![]() ![]() ![]() ![]() |