Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

PKSA-w5y9-k8s5-8kwq CVE-2017-6099

Affected version: <3.0|>=3.0.0,<3.12.0

Reported by:
FriendsOfPHP/security-advisories