Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Btcpay_server
(Btcpayserver)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-26 | CVE-2021-29249 | BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. | Btcpay_server | 7.5 | ||
| 2021-04-01 | CVE-2021-29251 | BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured. | Btcpay_server | 6.5 | ||
| 2021-05-05 | CVE-2021-29245 | BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | Btcpay_server | 5.3 | ||
| 2021-05-05 | CVE-2021-29246 | BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | Btcpay_server | 6.7 | ||
| 2021-05-05 | CVE-2021-29247 | BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | Btcpay_server | 5.3 | ||
| 2021-05-05 | CVE-2021-29248 | BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | Btcpay_server | 5.3 | ||
| 2021-05-05 | CVE-2021-29250 | BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. | Btcpay_server | 5.4 | ||
| 2021-09-10 | CVE-2021-3646 | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Btcpay_server | 6.1 | ||
| 2021-09-26 | CVE-2021-3830 | btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Btcpay_server | 5.4 | ||
| 2023-01-26 | CVE-2023-0493 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | Btcpay_server | 8.8 |