VYPR

Paypal

by Paypal

CVEs (3)

  • CVE-2013-7202HigApr 27, 2018
    risk 0.53cvss 8.1epss 0.02

    The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.

  • CVE-2012-5802Nov 4, 2012
    risk 0.00cvss epss 0.01

    The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

  • CVE-2010-4211Nov 9, 2010
    risk 0.00cvss epss 0.00

    The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.