paypal/invoice-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of permToken
and allows arbitrary scripts to be rendered in samples/permissions.php
.
CPE | Name | Operator | Version |
---|---|---|---|
paypal/invoice-sdk-php | le | 3.9.0 |