paypal/permissions-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The library does not properly filter user input in the HTTP_REQUEST
parameter in the GetAccessToken.php
sample, allowing a malicious user to inject and execute arbitrary Javascript.
CPE | Name | Operator | Version |
---|---|---|---|
paypal/permissions-sdk-php | le | 3.9.1 |