Vulnerabilities > Paypal

DATE CVE VULNERABILITY TITLE RISK
2023-02-24 CVE-2022-48345 Cross-site Scripting vulnerability in Paypal Braintree/Sanitize-Url
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
network
low complexity
paypal CWE-79
6.1
2023-01-31 CVE-2022-21129 Unspecified vulnerability in Paypal Nemo-Appium
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
network
low complexity
paypal
critical
9.8
2022-03-16 CVE-2021-23648 Cross-site Scripting vulnerability in multiple products
The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.
network
low complexity
paypal fedoraproject CWE-79
6.1
2019-07-10 CVE-2017-6217 Cross-site Scripting vulnerability in Paypal Adaptive Payments SDK 3.9.2
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in SetPaymentOptions.php, resulting in code execution.
network
paypal CWE-79
4.3
2018-08-02 CVE-2017-6215 Cross-site Scripting vulnerability in Paypal PHP Permissions SDK
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
network
paypal CWE-79
3.5
2018-08-02 CVE-2017-6213 Cross-site Scripting vulnerability in Paypal PHP Invoice SDK
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
network
paypal CWE-79
3.5
2018-04-27 CVE-2013-7202 Permissions, Privileges, and Access Controls vulnerability in Paypal
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
network
paypal CWE-264
6.8
2018-04-27 CVE-2013-7201 Improper Certificate Validation vulnerability in Paypal
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
network
paypal CWE-295
5.8
2017-02-24 CVE-2017-6099 Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
network
paypal CWE-79
4.3
2012-11-06 CVE-2011-5237 Improper Input Validation vulnerability in Paypal WPS Toolkit
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
paypal CWE-20
5.8