PayPal has repaired three remote-access vulnerabilities found in different areas of its website, including a cross-site scripting (XSS) flaw on its PayPal Community Forum. The XSS bug allows only the execution of client-side script and browser cookie hijacking. An input validation vulnerability was also discovered on the egreetings Web service of PayPal s Plaza Web-based application. A vulnerability that could enable an attacker to redirect users of the content management system customer, pro or seller accounts was patched.
Source: https://threatpost.com/paypal-fixes-trio-remote-access-vulnerabilities-112912/77263/