Combination of XSS and CSRF. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		unfed on May 26, 2013 \| parent \| context \| favorite \| on: PayPal.com XSS Vulnerability Combination of XSS and CSRF.

benregenspan on May 26, 2013 [–]

This seems like it's just plain XSS - it doesn't take advantage of a user's serverside session to forge an action on their behalf.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact