Vulmon
btcpayserver btcpay server vulnerabilities and exploits
NA
CVE-2022-32984
BTCPay Server 1.3.0 up to and including 1.5.3 allows a remote malicious user to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using t...
Btcpayserver Btcpay Server
NA
CVE-2023-0493
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.7.5.
Btcpayserver Btcpay Server
NA
CVE-2023-0879
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver before 1.7.12.
Btcpayserver Btcpay Server
312
VMScore
CVE-2021-3830
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Btcpayserver Btcpay Server
383
VMScore
CVE-2021-3646
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Btcpayserver Btcpay Server
NA
CVE-2023-1149
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.8.0.
Btcpayserver Btcpay Server
445
VMScore
CVE-2021-29247
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
Btcpayserver Btcpay Server
445
VMScore
CVE-2021-29248
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
Btcpayserver Btcpay Server
445
VMScore
CVE-2021-29249
BTCPay Server prior to 1.0.6.0, when the payment button is used, has a privacy vulnerability.
Btcpayserver Btcpay Server
312
VMScore
CVE-2021-29251
BTCPay Server prior to 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
Btcpayserver Btcpay Server