Show filters
17 Total Results
Displaying 1-10 of 17
Sort by:
Attacker Value
Unknown

CVE-2023-1270

Disclosure Date: March 08, 2023 (last updated October 08, 2023)
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-1149

Disclosure Date: March 02, 2023 (last updated October 08, 2023)
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-0879

Disclosure Date: February 17, 2023 (last updated October 10, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-0810

Disclosure Date: February 13, 2023 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-0748

Disclosure Date: February 08, 2023 (last updated October 10, 2023)
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-0747

Disclosure Date: February 08, 2023 (last updated October 10, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-32984

Disclosure Date: January 31, 2023 (last updated October 08, 2023)
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-0493

Disclosure Date: January 26, 2023 (last updated October 10, 2023)
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-3830

Disclosure Date: September 26, 2021 (last updated February 23, 2025)
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-3646

Disclosure Date: September 10, 2021 (last updated February 23, 2025)
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
View More Topics  Next >