Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-2058
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote malicious users to forge payments via unspecified vectors.
Paypal Ubercart Payflow -
5
CVSSv2
CVE-2021-41120
sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id (/pay-with-paypal/{id}) and therefore it was easy to predict. The problem is that the Cred...
Sylius Paypal
5.8
CVSSv2
CVE-2012-5788
The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate, r...
Paypal Ipn -
NA
CVE-2023-28843
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote malicious user to gain p...
202-ecommerce Paypal
NA
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Woocommerce Paypal Payments
NA
CVE-2022-21129
Versions of the package nemo-appium prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-app...
Paypal Nemo-appium
5
CVSSv2
CVE-2020-7643
paypal-adaptive up to and including 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Idea Paypal-adaptive
5.8
CVSSv2
CVE-2011-5237
PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Wps Toolkit -
3.6
CVSSv2
CVE-2006-0202
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/...
Paypal Php Toolkit
7.5
CVSSv2
CVE-2005-1362
Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote malicious users to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText,...
Metalinks Metacart2 Paypal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »