globalpayments/php-sdk is vulnerable to Cross-site Scripting (XSS)
Score: 30 (Low Risk)
Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) due to improper handling of dynamic parameters in the example code snippets: values obtained from HTTP headers and request metadata are embedded into application-generated URLs and markup without sufficient context-aware encoding. Because these values can influence attributes, anchors, or other HTML and JavaScript contexts, an attacker may craft a malicious request that injects an executable script into the rendered page. The result can be arbitrary script execution in the victim’s browser, session compromise, data exfiltration, or unauthorized actions within the application context.
You are affected if you are using a version within the vulnerable range and have used the maintainer's example code templates.
globalpayments/php-sdk is vulnerable to Cross-site Scripting (XSS) in versions 2.2.13 - 14.1.0.
Upgrade the globalpayments/php-sdk library to the patched version, or fix the code that was built using the example snippets.
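The pattern described above next to one way to correct it, added here as an illustration; it is not code from globalpayments/php-sdk or its example templates. The function names, the host allowlist and the sample request values are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of hostnames this application is served from.
const ALLOWED_HOSTS = ['shop.example.test'];

/** Pattern from the advisory: request metadata goes straight into a URL. */
function buildReturnUrlUnsafe(array $server): string
{
    return 'https://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

/** Hardened: host must match the allowlist, only the path component is kept. */
function buildReturnUrlSafe(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = ALLOWED_HOSTS[0]; // fall back to the configured canonical host
    }
    $path = parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    return 'https://' . $host . $path;
}

/** Encode a value for an HTML attribute or text context. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a JavaScript string literal inside a <script> block. */
function js(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

// Constructed request data: the Host header carries markup-breaking characters.
$server = [
    'HTTP_HOST'   => 'shop.example.test"><i>x</i>',
    'REQUEST_URI' => '/checkout?step=2',
];

// Before: the header value closes the href attribute and adds markup.
echo '<a href="' . buildReturnUrlUnsafe($server) . '">continue</a>', PHP_EOL;

// After: untrusted host is replaced, and the value is encoded per output context.
$safe = buildReturnUrlSafe($server);
echo '<a href="' . attr($safe) . '">continue</a>', PHP_EOL;
echo '<script>const returnUrl = ' . js($safe) . ';</script>', PHP_EOL;
```

When auditing code derived from the example templates, search for `$_SERVER` values (`HTTP_HOST`, `REQUEST_URI`, `HTTP_REFERER` and similar) that reach `echo`, templates, or URL builders without validation and an encoder matched to the output context.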