Even worse, it appears that the bug would also allow the theft of authentication cookies, The Register reports.

Soon-to-be victims arrive on a malicious page designed to open a JavaScript window. The message in the window reads: "Fugitif was here another time."

PayPal is aware of the problem, but the company has yet to announce a solution.

This is not the first time that PayPal has fallen victim to an XSS bug that allowed the injection of unauthorized code. The online payments site had to patch a similar vulnerability in May 2008, after being informed by Finnish researcher Harry Sintonen.

At present, critics can only wonder when the next XSS disaster will strike…