Even worse, it appears that the bug would also allow the theft of authentication cookies, The Register reports.
PayPal si aware of the problem but the company has yet to announce a solution.
This is not the first time that PayPal falls victim to an XSS bug that allowed the injection of unauthorized code. The online payments site had to patch a similar vulnerability in May 2008, after being informed by Finnish researcher Harry Sintonen.
At present time, critics only wonder when will the XSS disaster strike next…