btcpayserver
Cloud & SaaS | oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting btcpayserver.
- CVE-2023-1270: Cross-site Scripting in btcpayserver/btcpayserver (5.4)
- CVE-2023-1149: Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver (5.4)
- CVE-2023-0879: Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver (6.3)
- CVE-2023-0810: Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver (5.4)
- CVE-2023-0748: Open Redirect in btcpayserver/btcpayserver (6.4)
- CVE-2023-0747: Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver (5.5)
- CVE-2022-32984: BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, incl... (7.5)
- CVE-2023-0493: Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver (5.3)
- CVE-2021-3830: Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver (5.4)
- CVE-2021-3646: Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver (6.1)
- CVE-2021-29250: BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. (5.4)
- CVE-2021-29248: BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. (5.3)
- CVE-2021-29247: BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. (5.3)
- CVE-2021-29246: BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with specia... (6.7)
- CVE-2021-29245: BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. (5.3)