CVE-2021-29250

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:btcpayserver:btcpay_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-05-05 13:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-29250

Mitre link : CVE-2021-29250

CVE.ORG link : CVE-2021-29250


JSON object : View

Products Affected

btcpayserver

  • btcpay_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')