CVE-2013-7202
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
Date published : 2018-04-27
https://labs.mwrinfosecurity.com/advisories/paypal-remote-code-execution/