CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Apr 2018 — WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. • http://secunia.com/advisories/57351 • CWE-295: Improper Certificate Validation

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Apr 2018 — The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. • https://exchange.xforce.ibmcloud.com/vulnerabilities/92099 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Feb 2017 — Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. • http://www.securityfocus.com/bid/96432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Nov 2012 — PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://www.unrest.ca/peerjacking • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Nov 2012 — The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Nov 2012 — The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2012 — PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to misinterpretation of a certain TRUE value. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Nov 2012 — The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Nov 2012 — PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Nov 2012 — The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, a different vulnerability than CVE-2012-5806. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation