threat
engine
.sh
Back
·
··:··
Home
/
Product
/
janobe paypal
Product
janobe paypal
31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-33973
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33972
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33971
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33970
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33969
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33968
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33967
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33966
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33965
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33964
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33963
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33962
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33961
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33960
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2024-33981
all versions
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could cr
7.1
HIGH
CVE-2024-33980
all versions
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could cr
7.1
HIGH
CVE-2024-33979
all versions
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could cr
7.1
HIGH
CVE-2024-33959
all versions
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vu
9.8
CRITICAL
CVE-2023-28843
>= 3.12.0 and < 3.16.4
PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL
9.8
CRITICAL
CVE-2022-48345
< 6.0.2
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
6.1
MEDIUM
CVE-2021-23648
< 6.0.0
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sani
5.4
MEDIUM
CVE-2013-7202
<= 5.3
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the sys
8.1
HIGH
CVE-2013-7201
<= 5.3
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof s
7.4
HIGH
CVE-2012-5806
all versions
The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common
CVE-2012-5802
all versions
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or
CVE-2012-5790
all versions
PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Comm
CVE-2012-5789
all versions
PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject
CVE-2012-5784
all versions
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Mess
CVE-2010-4211
<= 3.0
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 ce
CVE-2006-0202
<= 0.50
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permis
CVE-2006-0201
<= 0.50
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote atta
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin