PatchSiren

PayPal CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM | PayPal CVE | published 2017-02-24

CVE-2017-6099

CVE-2017-6099 is a cross-site scripting issue in PayPal's merchant-sdk-php 3.9.1. The vulnerable code is in GetAuthDetails.html.php, where the token parameter can be used to inject arbitrary web script or HTML. NVD classifies the weakness as CWE-79 and rates the issue CVSS 3.0 6.1 (network exploitable, user interaction required, scope changed).