Vulmon
btcpayserver btcpay server vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-1149
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.8.0.
Btcpayserver Btcpay Server
6.5
CVSSv3
CVE-2021-29251
BTCPay Server prior to 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
Btcpayserver Btcpay Server
5.4
CVSSv3
CVE-2021-3830
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Btcpayserver Btcpay Server
8.8
CVSSv3
CVE-2023-0493
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver before 1.7.5.
Btcpayserver Btcpay Server
7.5
CVSSv3
CVE-2022-32984
BTCPay Server 1.3.0 up to and including 1.5.3 allows a remote malicious user to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using t...
Btcpayserver Btcpay Server
5.3
CVSSv3
CVE-2021-29247
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
Btcpayserver Btcpay Server
7.5
CVSSv3
CVE-2021-29249
BTCPay Server prior to 1.0.6.0, when the payment button is used, has a privacy vulnerability.
Btcpayserver Btcpay Server
5.4
CVSSv3
CVE-2023-0879
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver before 1.7.12.
Btcpayserver Btcpay Server
5.3
CVSSv3
CVE-2021-29248
BTCPay Server up to and including 1.0.7.0 could allow a remote malicious user to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
Btcpayserver Btcpay Server
6.1
CVSSv3
CVE-2021-3646
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Btcpayserver Btcpay Server