Vulmon
btcpayserver btcpay server vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-29250
BTCPay Server up to and including 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.
Btcpayserver Btcpay Server
5.4
CVSSv3
CVE-2023-1149
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.8.0.
Btcpayserver Btcpay Server
7.5
CVSSv3
CVE-2022-32984
BTCPay Server 1.3.0 up to and including 1.5.3 allows a remote malicious user to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using t...
Btcpayserver Btcpay Server
8.8
CVSSv3
CVE-2023-0493
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.7.5.
Btcpayserver Btcpay Server
6.7
CVSSv3
CVE-2021-29246
BTCPay Server up to and including 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
Btcpayserver Btcpay Server
6.1
CVSSv3
CVE-2021-3646
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Btcpayserver Btcpay Server
5.3
CVSSv3
CVE-2021-29245
BTCPay Server up to and including 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
Btcpayserver Btcpay Server
5.3
CVSSv3
CVE-2021-29247
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
Btcpayserver Btcpay Server
5.3
CVSSv3
CVE-2021-29248
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
Btcpayserver Btcpay Server
7.5
CVSSv3
CVE-2021-29249
BTCPay Server prior to 1.0.6.0, when the payment button is used, has a privacy vulnerability.
Btcpayserver Btcpay Server