Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1149 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | |||||
| CVE-2023-0493 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | N/A | 8.8 HIGH |
| Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | |||||
| CVE-2023-0879 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | |||||
| CVE-2021-3646 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3830 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-29250 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. | |||||
| CVE-2021-29251 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 3.5 LOW | 6.5 MEDIUM |
| BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured. | |||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 6.5 MEDIUM | 6.7 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | |||||
| CVE-2021-29249 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. | |||||
| CVE-2021-29247 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | |||||
| CVE-2021-29248 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | |||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | |||||