Skip to main content

Btcpay Server

12 CVEs product

Monthly

CVE-2023-1149 MEDIUM POC PATCH This Month

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0879 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0493 HIGH POC PATCH This Week

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2021-3830 MEDIUM POC PATCH This Month

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3646 MEDIUM POC PATCH This Month

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29250 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29248 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-29247 MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-29246 MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Btcpay Server
NVD GitHub
CVSS 3.1
6.7
EPSS
1.5%
CVE-2021-29245 MEDIUM This Month

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-29251 MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29249 HIGH This Week

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
EPSS 8% CVSS 8.8
HIGH POC PATCH This Week

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Btcpay Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
EPSS 2% CVSS 6.7
MEDIUM This Month

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Path Traversal Btcpay Server
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Btcpay Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy