PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability

2022-05-1401:21:17

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.

CPENameOperatorVersion
paypal/merchant-sdk-phpeq3.9.1
paypal/merchant-sdk-phpeq3.9.0
paypal/merchant-sdk-phpeq3.11.0
paypal/merchant-sdk-phpeq3.4.102
paypal/merchant-sdk-phpeq3.6.106
paypal/merchant-sdk-phpeq3.5.103
paypal/merchant-sdk-phpeq3.8.106
paypal/merchant-sdk-phpeq3.10.0
paypal/merchant-sdk-phpeq3.8.107

Name	Operator	Version
paypal/merchant-sdk-php	eq	3.9.1
paypal/merchant-sdk-php	eq	3.9.0
paypal/merchant-sdk-php	eq	3.11.0
paypal/merchant-sdk-php	eq	3.4.102
paypal/merchant-sdk-php	eq	3.6.106
paypal/merchant-sdk-php	eq	3.5.103
paypal/merchant-sdk-php	eq	3.8.106
paypal/merchant-sdk-php	eq	3.10.0
paypal/merchant-sdk-php	eq	3.8.107