Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2012-5663

Malware in sbrugna...

5.8CVSS6.4AI score0.0057EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-4675

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.01244EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/14 1:21 a.m.19 views

PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1CVSS5.9AI score0.01244EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/14 1:21 a.m.18 views

GHSA-P4G7-WJHQ-9R2H PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1CVSS6AI score0.01244EPSS
Exploits1References4
Veracode
Veracode
added 2020/06/03 2:53 a.m.9 views

Cross-site Scripting (XSS)

paypal/merchant-sdk-php is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists due to insufficient filtration of user-supplied data in token HTTP GET parameter in samples/AccountAuthentication/GetAuthDetails.html.php, allowing a malicious user to inject and execute arbitrary w...

1.6AI score
Exploits0
OpenVAS
OpenVAS
added 2017/02/28 12:0 a.m.21 views

PayPal PHP Merchant SDK <= 3.9.1 Cross-site Scripting Vulnerability

This host has installed the PayPal PHP Merchant SDK and is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.1CVSS6.1AI score0.01244EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2017/02/28 12:0 a.m.20 views

PayPal PHP Merchant SDK Detection

This script detects the installed version of the PayPal PHP Merchant SDK. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/02/27 12:0 a.m.4 views

PayPal PHP Merchant SDK Cross-Site Scripting Vulnerability

The PayPal PHP Merchant SDK is a development toolkit for integration with PayPal's Express Checkout and Web Payments Pro APIs. A cross-site scripting vulnerability in the GetAuthDetails.html.php file in the PayPal PHP Merchant SDK allows remote attackers to exploit the vulnerability to inject...

6.1CVSS6AI score0.01244EPSS
Exploits1References1
OSV
OSV
added 2017/02/24 2:59 a.m.11 views

CVE-2017-6099

Cross-site scripting XSS vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK aka merchant-sdk-php 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

6.1CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2017/02/23 9:0 p.m.55 views

CVE-2017-6099

CVE-2017-6099 is an XSS vulnerability affecting PayPal PHP Merchant SDK (merchant-sdk-php)

6.1CVSS6AI score0.01244EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2014/02/27 6:33 p.m.6 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

5.8CVSS7.2AI score0.09254EPSS
Exploits0References4
Prion
Prion
added 2012/11/04 10:55 p.m.12 views

Code injection

The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.00911EPSS
Exploits1References5
Prion
Prion
added 2012/11/04 10:55 p.m.12 views

Code injection

The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.0057EPSS
Exploits1References2
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

4.3CVSS6.1AI score0.01244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.36 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

6.1CVSS5.9AI score0.01244EPSS
Exploits1Affected Software1
Rows per page
Query Builder