Meetup is a service that enables users to create in-person or virtual events. For organizers outside the U.S., the platform offers PayPal support to charge attendees for a paid event. Researchers from Checkmarx describe a stored XSS vulnerability that allowed a regular group member to have the same permissions as an organizer. A second high-severity flaw, with a score of 8.1 out of 10, could be exploited in combination with a CSRF vulnerability to change a user s PayPal address in the Meetup profile.
Source: https://www.bleepingcomputer.com/news/security/hackers-could-have-stolen-paypal-funds-from-meetup-users/