This NodeJS SDK enables the bank validation module in applications connected to Cashfree. Cashfree is a payments and banking technology company that helps businesses collect and disburse payments via almost 100 payment methods.
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
Venmo transactions are still easily obtained by the public according to computer science student Dan Salmon, who says that he accessed millions of transactions over a six-month period in an effort to raise awareness about privacy on the popular PayPal-owned peer-to-peer payments service.