Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.9 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS6.4AI score0.01493EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2137

Malware in sbrugna...

7.5CVSS7.5AI score0.01493EPSS
Exploits0References6
Veracode
Veracode
added 2025/03/21 2:32 a.m.9 views

Payment Manipulation

Sylius PayPal Plugin is vulnerable to Payment Manipulation. The vulnerability is due to PayPal not receiving updated totals after item quantity changes, allowing attackers to pay less than the actual order value, causing financial losses for merchants...

6.5CVSS6.6AI score0.00464EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2025/03/19 4:15 p.m.8 views

CVE-2025-30152

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS0.00323EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/19 3:57 p.m.11 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS6.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/19 3:57 p.m.28 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5CVSS0.00323EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/19 2:27 p.m.10 views

CVE-2025-29788

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.7AI score0.00464EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/17 1:25 p.m.8 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.2AI score0.00464EPSS
Exploits0References6
CVE
CVE
added 2025/03/17 1:25 p.m.59 views

CVE-2025-29788

CVE-2025-29788 affects the Sylius PayPal Plugin (Sylius Core Team) for PayPal Commerce. In versions prior to 1.6.1, 1.7.1, and 2.0.1, a vulnerability allows manipulating the final PayPal payment amount when a user changes the item quantity in the cart after initiating PayPal Express Checkout. Pay...

6.5CVSS6.5AI score0.00464EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/03/17 1:25 p.m.21 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS0.00464EPSS
Exploits0References6
OSV
OSV
added 2025/03/17 1:25 p.m.8 views

CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...

6.5CVSS6.3AI score0.00464EPSS
Exploits0References8
OSV
OSV
added 2021/10/06 5:49 p.m.18 views

GHSA-25FX-MXC2-76G7 Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS

Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...

7.5CVSS7.4AI score0.01493EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/10/06 5:49 p.m.41 views

Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS

Impact URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to access for anyone, not even the order's customer. The problem was, the Credit card form has prefilled "credit card holder" field with the Customer's firs...

7.5CVSS0.7AI score0.01493EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/10/05 9:15 p.m.30 views

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

7.5CVSS0.01493EPSS
Exploits0References3
Rows per page
Query Builder