A Germany based security research firm discovered a flaw that allows hackers to insert malicious code into email confirmations sent by PayPal’s confirmation system. The bug has a medium severity, and could lead to such scams as phishing attempts, session hijacking, and redirecting users to other web domains. The flaw was reported in late October 2015. Read more here at Security Week.
Home PayPal Flaw Can Send Users Malicious Emails Through It’s Own System