[BugBounty] Paypal DOM XSS main domain

Dear followers,

i recently discovered a DOM Cross Site Scripting issue while testing on Paypal, the process here was pretty straight forward, if you inserted the payload in  :

#“><img src=/ onerror=alert(2)>

In the URL, the DOM executed the Javascript. This vulnerability would have affected all registered Paypal users and could have been used to exploit the Users. Unfortunately this issue got tagged as duplicate but i wanted to write about it anyway.

Here’s my POC i sent the Paypal inc. Bug Bounty team.


All the best

Patrik

en_USEnglish