EPSS Percentile: 23.5%
paypal/invoice-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of permToken and allows arbitrary scripts to be rendered in samples/permissions.php.
github.com/paypal/invoice-sdk-php/commit/367b6bc85bc12d1cd7a49c85970d1bae7593e222
github.com/paypal/invoice-sdk-php/issues/13
github.com/paypal/invoice-sdk-php/pull/15