Paypal Sender Country XSS
A new XSS vulnerability was identified on Paypal.com earlier today, found by d3v1l and disclosed on both Security-Shell and XSSed. The problem is with the parameter sender_country in a transaction called nvpsm.
Category: Cross Site Scripting
F-Secure XSS on Anti-Theft Website
In a new section supporting the release of an anti-theft product for mobile phones, the web site of Helsinki based anti-virus company F-Secure is vulnerable to cross site scripting (XSS).
Jun 17, 2010 | 3 comments | View Post
Formspring.me XSS Vulnerability
Formspring.me, a newly popular social networking site, has a fundamental cross site scripting flaw that allows one logged in user to steal another user’s session, but also may allow users to find out who posted a nasty comment about them.
Jun 03, 2010 | 2 comments | View Post
XSS Flaw on PayPal.com
Earlier today Wesley Kerfoot reported on the Full Disclosure mailing list that a page in the Paypal.com domain is susceptible to a non-persistent reflected cross site scripting attack (XSS). While non-persistent XSS bugs are somewhat common, this is quite serious for a site like PayPal, where user accounts are linked directly to bank accounts, debit, or credit cards and payment can be made to third parties without any additional authentication after user access is gained.
Mar 26, 2010 | 7 comments | View Post
Pentagon Web Site Vulnerabilities Identified
A Romanian hacker has on December 6th identified input validation deficiencies in URL parameter handling leading to security vulnerabilities on a section of the official site of the Pentagon, http://pentagon.afis.osd.mil, the headquarters of the U.S. Department of Defense. The hacker who identifies himself as Ne0h has posted images of the vulnerabilities, which are still active at the time of this blog post, on his blog.
Dec 07, 2009 | 10 comments | View Post
