Vulnerabilities > Paypal

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-24	CVE-2022-48345	Cross-site Scripting vulnerability in Paypal Braintree/Sanitize-Url sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. network low complexity paypal CWE-79	6.1
2023-01-31	CVE-2022-21129	Unspecified vulnerability in Paypal Nemo-Appium Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. network low complexity paypal critical	9.8
2022-03-16	CVE-2021-23648	Cross-site Scripting vulnerability in multiple products The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. network low complexity paypal fedoraproject CWE-79	6.1
2019-07-10	CVE-2017-6217	Cross-site Scripting vulnerability in Paypal Adaptive Payments SDK 3.9.2 paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution network low complexity paypal CWE-79	6.1
2018-08-02	CVE-2017-6215	Cross-site Scripting vulnerability in Paypal PHP Permissions SDK paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. network low complexity paypal CWE-79	5.4
2018-08-02	CVE-2017-6213	Cross-site Scripting vulnerability in Paypal PHP Invoice SDK paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. network low complexity paypal CWE-79	5.4
2018-04-27	CVE-2013-7202	Permissions, Privileges, and Access Controls vulnerability in Paypal The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. network high complexity paypal CWE-264	8.1
2018-04-27	CVE-2013-7201	Improper Certificate Validation vulnerability in Paypal WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. network high complexity paypal CWE-295	7.4
2017-02-24	CVE-2017-6099	Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1 Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. network low complexity paypal CWE-79	6.1

Vulnerabilities > Paypal {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Paypal"}]}

Vulnerabilities > Paypal