The H

PayPal vulnerable to cross-site scripting again

Back to PayPal vulnerable to cross-site scripting again
Paypal XSS with certificate details Note the XSS trickery - despite a PayPal URL and a valid PayPal certificate, login credentials entered here are sent, not to PayPal, but to The H's German associates at heise.de
Back to PayPal vulnerable to cross-site scripting again