Date: 27/03/12
PayPal closes potential flaw in login pages
PayPal has closed a potentially serious security hole on its site, which cyber criminals could have used to steal passwords belonging to users of the online payment service.
Associates at the Heise Security website informed PayPal of the cross-site scripting (XSS) vulnerability after it was spotted by one of their readers.
According to Heise, the problem affected SSL-encrypted pages at https://www.paypal.com, where customers log in to make payments.
The search function was not filtering user input correctly, which meant malicious code could be injected into PayPal pages via a crafted URL, hijacking the login pages to harvest usernames and passwords.
XSS vulnerabilities in web applications are half as likely to exist in software as they were four years ago, according to IBM's X-Force 2011 Trend and Risk Report, published yesterday.
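The flaw class described above, a search term reflected into a page without encoding, shown beside a hardened renderer as an added example; it is not PayPal's or Heise's code, and the article gives no detail of the real implementation. The function names and the sample query are constructed for illustration, and the fix shown is output encoding per context.

```javascript
// Added example: a search results page that reflects the query string.
// All names (renderSearchUnsafe, renderSearchSafe, escapeHtml, ...) are hypothetical.

// Constructed input: a query that closes the attribute and adds its own markup.
const SAMPLE_QUERY = '"><script>alert(1)</script>';

// Vulnerable pattern: the query is concatenated into HTML unchanged.
function renderSearchUnsafe(query) {
  return '<form action="/search">' +
    '<input name="q" value="' + query + '">' +
    '</form><p>Results for ' + query + '</p>';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at output time, once per context
// (HTML text/attribute encoding, plus URL encoding for the link parameter).
function renderSearchSafe(query) {
  const html = escapeHtml(query);
  const next = '/search?q=' + encodeURIComponent(query) + '&page=2';
  return '<form action="/search">' +
    '<input name="q" value="' + html + '">' +
    '</form><p>Results for ' + html + '</p>' +
    '<a href="' + escapeHtml(next) + '">Next</a>';
}

// Count tags in the rendered markup; user data must never change this number.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// True when the query is rendered as data: same tag count as a benign baseline.
function reflectsAsData(render, query) {
  return countTags(render(query)) === countTags(render('shoes'));
}
```

A check like reflectsAsData can run as a regression test against every template that echoes request parameters.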