Vulnerabilities > Paypal > Low

DATE CVE VULNERABILITY TITLE RISK
2018-08-02 CVE-2017-6213 Cross-site Scripting vulnerability in Paypal PHP Invoice SDK
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
network
paypal CWE-79
3.5
2018-08-02 CVE-2017-6215 Cross-site Scripting vulnerability in Paypal PHP Permissions SDK
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
network
paypal CWE-79
3.5
2006-01-13 CVE-2006-0202 Unspecified vulnerability in Paypal PHP Toolkit
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.
local
low complexity
paypal
3.6