btcpayserver

CVEs (10)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-1270	btcpayserver btcpayserver	—	0.00	Mar 8, 2023	Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
CVE-2023-1149	btcpayserver btcpayserver	—	0.00	Mar 2, 2023	Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
CVE-2023-0879	btcpayserver btcpayserver	—	0.00	Feb 17, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
CVE-2023-0810	btcpayserver btcpayserver	—	0.00	Feb 13, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
CVE-2023-0747	btcpayserver btcpayserver	—	0.00	Feb 8, 2023	Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
CVE-2023-0748	btcpayserver btcpayserver	—	0.01	Feb 8, 2023	Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
CVE-2022-32984	btcpayserver btcpayserver	—	0.00	Jan 31, 2023	BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning…
CVE-2023-0493	btcpayserver btcpayserver	—	0.10	Jan 26, 2023	Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2021-3830	btcpayserver btcpayserver	—	0.00	Sep 26, 2021	btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3646	btcpayserver btcpayserver	—	0.00	Sep 10, 2021	btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-1270Mar 8, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
CVE-2023-1149Mar 2, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
CVE-2023-0879Feb 17, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
CVE-2023-0810Feb 13, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
CVE-2023-0747Feb 8, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
CVE-2023-0748Feb 8, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.01
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
CVE-2022-32984Jan 31, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning…
CVE-2023-0493Jan 26, 2023
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.10
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVE-2021-3830Sep 26, 2021
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3646Sep 10, 2021
btcpayserver
btcpayserver
risk 0.00cvss —epss 0.00
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')