Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
CPE | Name | Operator | Version |
---|---|---|---|
merchant-sdk-php | eq | 3.9.1 |