Paypal

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48345 1Paypal 1Braintree/sanitize Url Mar 12, 2025 Feb 24, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2022-21129 1Paypal 1Nemo Appium Mar 27, 2025 Jan 31, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-ru...Show more Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. Show less
CVE-2021-23648 2Fedoraproject Paypal 2Braintree/sanitize Url Fedora Nov 21, 2024 Mar 16, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
CVE-2017-6217 1Paypal 1Adaptive Payments Sdk Nov 21, 2024 Jul 10, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution
CVE-2017-6215 1Paypal 1Php Permissions Sdk Nov 21, 2024 Aug 2, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
CVE-2017-6213 1Paypal 1Php Invoice Sdk Nov 21, 2024 Aug 2, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
CVE-2013-7202 1Paypal 1Paypal Nov 21, 2024 Apr 27, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
CVE-2013-7201 1Paypal 1Paypal Nov 21, 2024 Apr 27, 2018 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
CVE-2017-6099 1Paypal 1Merchant Sdk Php May 13, 2026 Feb 24, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
CVE-2011-5237 1Paypal 1Wps Toolkit Apr 29, 2026 Nov 6, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL...Show more PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-5806 2Paypal Zen Cart 2Payments Pro Zen Cart Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...Show more The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function, a different vulnerability than CVE-2012-5805.Show less
CVE-2012-5805 2Paypal Zen Cart 2Instant Payment Notification Zen Cart Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a...Show more The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806.Show less
CVE-2012-5802 2Paypal Ubercart 2Paypal Ubercart Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to...Show more The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-5798 2Oscommerce Paypal 2Oscommerce Payflow Pro Express Checkout Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-mi...Show more The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-5796 2Oscommerce Paypal 2Oscommerce Paypal Pro Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack...Show more The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-5791 1Paypal 1Invoicing Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL se...Show more PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less
CVE-2012-5790 1Paypal 1Payments Standard Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-mid...Show more PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value.Show less
CVE-2012-5789 1Paypal 1Payments Standard Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...Show more PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to intentional disabling of certificate-validation checks through a "FALSE" value.Show less
CVE-2012-5788 1Paypal 1Ipn Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...Show more The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function.Show less
CVE-2012-5787 1Paypal 1Merchant Sdk Apr 29, 2026 Nov 4, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...Show more The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Show less

12 Next