Known Vulnerabilities for products from Paypal
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Paypal".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39707 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39643 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39366 json | Not Provided | 2026-04-07 | 2026-04-08 | |
| CVE-2026-32536 json | Not Provided | 2026-03-25 | 2026-03-25 | |
| CVE-2026-3124 json | Not Provided | 2026-03-30 | 2026-03-30 | |
| CVE-2025-68602 json | Not Provided | 2025-12-24 | 2026-04-01 | |
| CVE-2025-63023 json | Not Provided | 2025-12-09 | 2026-04-01 | |
| CVE-2025-58956 json | Not Provided | 2025-09-22 | 2026-04-01 | |
| CVE-2025-57891 json | Not Provided | 2025-08-22 | 2026-04-01 | |
| CVE-2025-47623 json | Not Provided | 2025-05-07 | 2026-04-01 | |
| CVE-2022-48345 json | sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. | 6.1 - MEDIUM | 2023-02-24 | 2023-03-02 |
| CVE-2022-21129 json | Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in th... | 9.8 - CRITICAL | 2023-01-31 | 2023-11-07 |
| CVE-2021-23648 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-16 | 2023-11-07 |
| CVE-2017-6217 json | paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution | 6.1 - MEDIUM | 2019-07-10 | 2019-07-11 |
| CVE-2017-6215 json | paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resu... | 5.4 - MEDIUM | 2018-08-02 | 2018-09-27 |
| CVE-2017-6213 json | paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in co... | 5.4 - MEDIUM | 2018-08-02 | 2018-09-27 |
| CVE-2017-6099 json | Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 a... | 6.1 - MEDIUM | 2017-02-24 | 2019-03-13 |
| CVE-2013-7202 json | The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on th... | 8.1 - HIGH | 2018-04-27 | 2018-06-07 |
| CVE-2013-7201 json | WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to sp... | 7.4 - HIGH | 2018-04-27 | 2018-06-13 |
| CVE-2012-5806 json | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Co... | 5.8 - MEDIUM | 2012-11-04 | 2012-11-06 |
Known software with vulnerabilities from Paypal
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Paypal | Adaptive Payments Sdk | 2.1.96 |
| Application | Paypal | Instant Payment Notification | - |
| Application | Paypal | Mass Pay | - |
| Application | Paypal | Merchant-sdk-php | 3.9.1 |
| Application | Paypal | Merchant Sdk | - |
| Application | Paypal | Payments Pro | - |
| Application | Paypal | Payments Standard | - |
| Application | Paypal | Paypal | 3.1.1.1 |
| Application | Paypal | Php Invoice Sdk | 2.1.96 |
| Application | Paypal | Php Permissions Sdk | 2.1.96 |
| Application | Paypal | Transactional Information Soap | - |
| Application | Paypal | Website Payments Standard Module | 1.0 |