paypal/invoice-sdk-php reflected XSS

2022-05-1402:58:17

Google

osv.dev

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.7%

JSON

paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.

CPENameOperatorVersion
paypal/invoice-sdk-phpeq2.5.106
paypal/invoice-sdk-phpeq3.8.107
paypal/invoice-sdk-phpeq3.4.102
paypal/invoice-sdk-phpeq3.5.103
paypal/invoice-sdk-phpeq3.9.0
paypal/invoice-sdk-phpeq2.2.98
paypal/invoice-sdk-phpeq2.3.101
paypal/invoice-sdk-phpeq2.3.100
paypal/invoice-sdk-phpeq2.4.103
paypal/invoice-sdk-phpeq3.8.106

Name	Operator	Version
paypal/invoice-sdk-php	eq	2.5.106
paypal/invoice-sdk-php	eq	3.8.107
paypal/invoice-sdk-php	eq	3.4.102
paypal/invoice-sdk-php	eq	3.5.103
paypal/invoice-sdk-php	eq	3.9.0
paypal/invoice-sdk-php	eq	2.2.98
paypal/invoice-sdk-php	eq	2.3.101
paypal/invoice-sdk-php	eq	2.3.100
paypal/invoice-sdk-php	eq	2.4.103
paypal/invoice-sdk-php	eq	3.8.106