Vulnerabilities > Paypal

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2017-6217 Cross-site Scripting vulnerability in Paypal Adaptive Payments SDK 3.9.2
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in SetPaymentOptions.php, resulting in code execution.
network
paypal CWE-79
4.3
2018-08-02 CVE-2017-6215 Cross-site Scripting vulnerability in Paypal PHP Permissions SDK
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
network
paypal CWE-79
3.5
2018-08-02 CVE-2017-6213 Cross-site Scripting vulnerability in Paypal PHP Invoice SDK
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
network
paypal CWE-79
3.5
2018-04-27 CVE-2013-7202 Permissions, Privileges, and Access Controls vulnerability in Paypal
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
network
paypal CWE-264
6.8
2018-04-27 CVE-2013-7201 Improper Certificate Validation vulnerability in Paypal
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
network
paypal CWE-295
5.8
2017-02-24 CVE-2017-6099 Cross-site Scripting vulnerability in Paypal Merchant-Sdk-PHP 3.9.1
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
network
paypal CWE-79
4.3
2012-11-06 CVE-2011-5237 Improper Input Validation vulnerability in Paypal WPS Toolkit
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
paypal CWE-20
5.8
2012-11-04 CVE-2012-5806 Improper Input Validation vulnerability in multiple products
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.
5.8
2012-11-04 CVE-2012-5805 Improper Input Validation vulnerability in multiple products
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.
5.8
2012-11-04 CVE-2012-5802 Improper Input Validation vulnerability in multiple products
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5.8