Florian Courtial, a French software engineer, recently discovered a bug in PayPal.Me which allows the unauthorized changing of a user’s profile picture. Victims would have to visit a malicious site that executes the code to change the user’s profile. While the profile picture is the extent of what can be changed without permission, it could still be an embarrassing moment for PayPal’s users. Read more at Threatpost.