i recently discovered a DOM Cross Site Scripting issue while testing on Paypal, the process here was pretty straight forward, if you inserted the payload in :
Paypal DOM XSS Payload
#“><img src=/ onerror=alert(2)>
Here’s my POC i sent the Paypal inc. Bug Bounty team.
All the best
Ein Gedanke zu „[BugBounty] Paypal DOM XSS main domain“