05-20-2008, 10:17 AM
Quote:A serious scripting error has been discovered on PayPal that could enable attackers to create convincing spoof pages that steal users' authentication credentials..
The cross-site scripting bug is made all the more critical because it resides on a page that uses an extended validation secure sockets layer certificate. The new-fangled SSL mechanism is designed to give users a higher degree of confidence that the page they're visiting is secure by turning their browser address bar green...
full article: http://www.channelregister.co.uk/2008/05...bs_to_xss/