CVE-2024-33980

Summary

CVE-2024-33980 refers to a Cross-Site Scripting (XSS) vulnerability identified in PayPal's version 1.0 payment platform. This issue allows an attacker to create malicious URLs and send them to victims, exploiting the 'start' parameter in the '/admin/mod_reports/printreport.php' file. Successful exploitation could result in the attacker obtaining the victim's session cookie, potentially leading to unauthorized access to their PayPal account. This vulnerability poses a significant risk and emphasizes the importance of regularly updating software to mitigate cybersecurity threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.