Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
paypal paypal - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5787
The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certificate.
Paypal Merchant Sdk -
8.8
CVSSv3
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Woocommerce Paypal Payments
NA
CVE-2008-6535
admin/settings.php in PayPal eStores allows remote malicious users to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter.
Paypalestores Paypal Estores -
1 EDB exploit
5.3
CVSSv3
CVE-2020-7643
paypal-adaptive up to and including 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Idea Paypal-adaptive
9.8
CVSSv3
CVE-2022-21129
Versions of the package nemo-appium prior to 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-app...
Paypal Nemo-appium
NA
CVE-2012-5784
Apache Axis 1.4 and previous versions, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the sub...
Apache Axis 1.0
Paypal Mass Pay -
Apache Axis -
Apache Axis 1.1
Apache Axis 1.2
Paypal Transactional Information Soap -
Paypal Payments Pro -
Apache Axis 1.2.1
Apache Activemq
Apache Axis
Apache Axis 1.3
5.4
CVSSv3
CVE-2017-6213
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution.
Paypal Php Invoice Sdk
5.4
CVSSv3
CVE-2017-6215
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution.
Paypal Php Permissions Sdk
5.4
CVSSv3
CVE-2022-3983
The Checkout for PayPal WordPress plugin prior to 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Noorsplugin Checkout For Paypal
NA
CVE-2012-5790
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitra...
Paypal Payments Standard 20120427
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »