Great news! Today I received the second payment for another valid Cross-Site Scripting vulnerability covered by PayPal’s bug bounty program. This time the domain www.paypaltech.com was affected, which provides scripts and samples used for Instant Payment Notifications (IPNs). Sometimes … being on the ethical side of hacking feels good … 🙂