Softpedia – (International) Persistent flaws in PayPal allow cybercriminals to hijack user sessions and more. Multiple Web vulnerabilities have been identified by Vulnerability Lab researchers on the official PayPal Web site, Softpedia reported October 2. The high-severity security holes could have been exploited by a remote attacker against Pro, seller, or regular customer accounts. A persistent input validation vulnerability is detected in the official Paypal e-commerce website content management system (Customer/Pro/Seller). The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent) of the paypal web service - page 5
Source: http://news.softpedia.com/news/Persistent-Flaws-in-PayPal-Allow-Cybercriminals-to-Hijack-User-Sessions-and-More-296107.shtml
