Paypal

paypal

Vendor: Paypal • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-7202 1Paypal 1Paypal Nov 21, 2024 Apr 27, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
CVE-2013-7201 1Paypal 1Paypal Nov 21, 2024 Apr 27, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
CVE-2012-5802 2Paypal Ubercart 2Paypal Ubercart Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to...Show more The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less