XSS Vulnerability In PayPal Currency Converter Wallet

A bug bounty hunter has discovered a serious reflected XSS vulnerability in PayPal wallets on the service’s web domain. The issue existed due to improper sanitization of user input in a URL parameter. Following that, a hacker could exploit the vulnerability to inject malicious codes into the browser. 

Paypal said: „An endpoint used for currency conversion was found to suffer from a reflected XSS vulnerability, where user input was not being properly sanitized in a parameter in the URL. This could lead to a malicious user injecting malicious JavaScript, HTML, or any other type of code that the browser may execute. The malicious script will execute in the browser page DOM of another user typically without their knowledge or consent.
This issue was resolved by implementing additional controls to validate and sanitize user input before being returned in the response.“