Cross-site Scripting (XSS)

2018-08-0305:05:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

23.7%

JSON

paypal/invoice-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of permToken and allows arbitrary scripts to be rendered in samples/permissions.php.

CPENameOperatorVersion
paypal/invoice-sdk-phple3.9.0

CPE	Name	Operator	Version
	paypal/invoice-sdk-php	le	3.9.0

References

github.com/paypal/invoice-sdk-php/commit/367b6bc85bc12d1cd7a49c85970d1bae7593e222

github.com/paypal/invoice-sdk-php/issues/13

github.com/paypal/invoice-sdk-php/pull/15

0.001 Low

EPSS

Percentile

23.7%

JSON

Related for VERACODE:7229