The online payments site has been crippled thanks to another cross-site scripting (XSS) bug that would enable hackers to get away with user passwords.
Even worse, it appears that the bug would also allow the theft of authentication cookies, The Register reports.
Soon-to-be victims arrive on a malicious page designed to open a javascript window. The message in the window reads the following: "Fugitif was here another time."
PayPal si aware of the problem but the company has yet to announce a solution.
This is not the first time that PayPal falls victim to an XSS bug that allowed the injection of unauthorized code. The online payments site had to patch a similar vulnerability in May 2008, after being informed by Finnish researcher Harry Sintonen.
At present time, critics only wonder when will the XSS disaster strike next...
Add to Favorites
Set Home Page
hat the bug would also allow the theft of authentication cookies, The Register 
