Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program.  This time the domain www.paypaltech.com was affected, which provides scripts and samples used for Instant Payment Notifications (IPNs). Sometimes … being on the ethical side of hacking feels good …  :-)

ia41