Yet more cross scripting flaws discovered on PayPal site(s)…

From Softpedia, via xssed.com

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, If you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks