Filtered by vendor Paypal
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2023-12-10 | N/A | 9.8 CRITICAL |
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
CVE-2022-48345 | 1 Paypal | 1 Braintree\/sanitize-url | 2023-12-10 | N/A | 6.1 MEDIUM |
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | |||||
CVE-2021-23648 | 2 Fedoraproject, Paypal | 2 Fedora, Braintree\/sanitize-url | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | |||||
CVE-2017-6217 | 1 Paypal | 1 Adaptive Payments Sdk | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution | |||||
CVE-2017-6215 | 1 Paypal | 1 Php Permissions Sdk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | |||||
CVE-2017-6213 | 1 Paypal | 1 Php Invoice Sdk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | |||||
CVE-2013-7201 | 1 Paypal | 1 Paypal | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
CVE-2013-7202 | 1 Paypal | 1 Paypal | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | |||||
CVE-2017-6099 | 1 Paypal | 1 Merchant-sdk-php | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. | |||||
CVE-2012-5805 | 2 Paypal, Zen-cart | 2 Instant Payment Notification, Zen Cart | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. | |||||
CVE-2012-5788 | 1 Paypal | 1 Ipn | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | |||||
CVE-2011-5237 | 1 Paypal | 1 Wps Toolkit | 2023-12-10 | 5.8 MEDIUM | N/A |
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-5798 | 2 Oscommerce, Paypal | 2 Oscommerce, Payflow Pro Express Checkout | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-5802 | 2 Paypal, Ubercart | 2 Paypal, Ubercart | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-5796 | 2 Oscommerce, Paypal | 2 Oscommerce, Paypal Pro | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2012-5790 | 1 Paypal | 1 Payments Standard | 2023-12-10 | 5.8 MEDIUM | N/A |
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value. | |||||
CVE-2012-2058 | 2 Drupal, Paypal | 2 Drupal, Ubercart Payflow | 2023-12-10 | 5.0 MEDIUM | N/A |
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. | |||||
CVE-2012-5789 | 1 Paypal | 1 Payments Standard | 2023-12-10 | 5.8 MEDIUM | N/A |
PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value. | |||||
CVE-2012-5806 | 2 Paypal, Zen-cart | 2 Payments Pro, Zen Cart | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805. | |||||
CVE-2012-5787 | 1 Paypal | 1 Merchant Sdk | 2023-12-10 | 5.8 MEDIUM | N/A |
The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |