Vulnerabilities > Paypal > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-02 | CVE-2017-6213 | Cross-site Scripting vulnerability in Paypal PHP Invoice SDK paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | 3.5 |
| 2018-08-02 | CVE-2017-6215 | Cross-site Scripting vulnerability in Paypal PHP Permissions SDK paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | 3.5 |
| 2006-01-13 | CVE-2006-0202 | Unspecified vulnerability in Paypal PHP Toolkit Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | 3.6 |