
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Donation Block For PayPal for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/8c50321a-dba8-4379-9b9c-4c349e44b2ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium's dependencies. • https://github.com/paypal/nemo-appium/blob/master/index.js%23L27 • https://github.com/paypal/nemo-appium/commit/aa271d36dd5c81baae3c43aa2616c84f0ee4195f • https://security.snyk.io/vuln/SNYK-JS-NEMOAPPIUM-3183747 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 1

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function. A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url. • https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11 • https://github.com/braintree/sanitize-url/pull/40 • https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH • https://lists.fedoraproject.org/archives/list/package-announce%40lists. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to reflected XSS in SetPaymentOptions.php, resulting in code execution. • https://github.com/paypal/adaptivepayments-sdk-php/issues/87 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. • https://github.com/paypal/invoice-sdk-php/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')