paypal / merchant-sdk-php

PHP SDK for integrating with PayPal's Express Checkout / MassPay / Web Payments Pro APIs

Reflected XSS vulnerability found in the merchant SDK. #134

Closed DrHazemAli closed 7 years ago

DrHazemAli commented 7 years ago

Issue description

There's a reflected XSS vulnerability in the merchant SDK. The vulnerability exists due to insufficient filtration of user-supplied data in token. See below!

Proof

[image]

Fixes

I've submitted a pull request which includes fixes.

randstraw commented 7 years ago

We are aware of the issue in the sample code. It is currently being tracked here: https://github.com/paypal/merchant-sdk-php/issues/129

Please follow the above issue for further updates.