--- Vulnerability # No-  1:
+URL:  https://www.paypal-marketing.com.hk/merchant-enquiries/index.php
+Vulnerability Type:  Cross Site Scripting (XSS)
+ Form Action : POST
+POST Data Sent to Produce the Bug :

token=1359557986&from_page=en&company_name=%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E&business_type_other=vulnerable_field&business_need_other=vulnerable_field&contact_person=vulnerable_field&contact_person2=vulnerable_field&phone=vulnerable_field&phone2=vulnerable_field&email=vulnerable_field&email2=vulnerable_field&business_type=1

--Here, the field name with field value vulnerable_field are all vulnerable
to cross site scripting .

And, the filed name (company_name)  with value
%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E is also vulnerable and used
here to produce the XSS bug here .
+POST Parameters that cause XSS Vulnerability in this Page :
company_name , business_type_other,business_need_other, contact_person
,contact_person2, phone,phone2, email,email2

+How to fix :
-- Though this page uses a java script function to validate this form, but
it fails to sanitize the all characters which could allow hackers or pen
testers to  return malicious on webpage like Cross Site Scripting attack
+ Screenshot : Attached with this mail

----------------------------------------------------------------------------
Vulnerability No. #  2 :
+URL:  https://www.paypal-marketing.com.hk/merchant-enquiries/index-zh.php
+Vulnerability Type:  Cross Site Scripting (XSS)
+ Form Action : POST
+POST Data Sent to Produce the Bug :

token=1359557986&from_page=en&company_name=%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E&business_type_other=vulnerable_field&business_need_other=vulnerable_field&contact_person=vulnerable_field&contact_person2=vulnerable_field&phone=vulnerable_field&phone2=vulnerable_field&email=vulnerable_field&email2=vulnerable_field&business_type=1

--Here, the field name with field value vulnerable_field are all vulnerable
to cross site scripting .

And, the filed name (company_name)  with value
%22%3E%3Cscript%3Eprompt%281%29%3C%2Fscript%3E is also vulnerable and used
here to produce the XSS bug here .
+POST Parameters that cause XSS Vulnerability in this Page :
company_name , business_type_other,business_need_other, contact_person
,contact_person2, phone,phone2, email,email2

+How to fix :
-- Though this page uses a java script function to validate this form, but
it fails to sanitize the all characters which could allow hackers or pen
testers to  return malicious on webpage like Cross Site Scripting attack
+ Screenshot : Attached with this mail

Thanking You
Mahadev Subedi