The GoCardless Python Client Library is an official Python wrapper for the GoCardless API provided by the gocardless.Client object. GoCardless is a service that lets users accept online payments. With the API, users can create subscriptions and automated bills. In addition, the API can read existing resources and create bills under a pre-existing authorization.
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.