VYPR

Merchant Sdk PHP

by Paypal

Source repositories

CVEs (2)

  • CVE-2017-6099MedFeb 24, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.

  • CVE-2012-5787Nov 4, 2012
    risk 0.00cvss epss 0.01

    The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.