Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities found for btcpayserver/btcpayserver by btcpayserver
CVE-2023-1270 (GCVE-0-2023-1270)
Vulnerability from nvd – Published: 2023-03-08 00:00 – Updated: 2024-08-02 05:40
VLAI?
Title
Cross-site Scripting in btcpayserver/btcpayserver
Summary
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
Severity ?
5.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ad1f917f-2b25-40ef-9215-c805354c683b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/7b5ce8f70c060b01990d3f7109e97e0144d878a4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ad1f917f-2b25-40ef-9215-c805354c683b"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/7b5ce8f70c060b01990d3f7109e97e0144d878a4"
}
],
"source": {
"advisory": "ad1f917f-2b25-40ef-9215-c805354c683b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1270",
"datePublished": "2023-03-08T00:00:00.000Z",
"dateReserved": "2023-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-02T05:40:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1149 (GCVE-0-2023-1149)
Vulnerability from nvd – Published: 2023-03-02 00:00 – Updated: 2025-03-07 21:41
VLAI?
Title
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
Summary
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
Severity ?
5.7 (Medium)
CWE
- CWE-76 - Improper Neutralization of Equivalent Special Elements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e734209-d7b0-4f57-a8be-c65c82208f2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/ddb125f45892b4dafdbd5c072af1ce623758bb92"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1149",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:41:08.793865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:41:24.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-76",
"description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2e734209-d7b0-4f57-a8be-c65c82208f2f"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/ddb125f45892b4dafdbd5c072af1ce623758bb92"
}
],
"source": {
"advisory": "2e734209-d7b0-4f57-a8be-c65c82208f2f",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1149",
"datePublished": "2023-03-02T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-03-07T21:41:24.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0879 (GCVE-0-2023-0879)
Vulnerability from nvd – Published: 2023-02-17 00:00 – Updated: 2025-03-18 15:59
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0879",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T15:58:56.159611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:59:02.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:21:01.577Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
],
"source": {
"advisory": "9464e3c6-961d-4e23-8b3d-07cbb31de541",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0879",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2023-02-17T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:59:02.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0810 (GCVE-0-2023-0810)
Vulnerability from nvd – Published: 2023-02-13 00:00 – Updated: 2025-03-21 14:35
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a48414ea-63d9-453c-b3f3-2c927b71ec68"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/dffa6accb04df7b80bc584dedef22c9297292ce6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:34:52.843740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:35:14.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a48414ea-63d9-453c-b3f3-2c927b71ec68"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/dffa6accb04df7b80bc584dedef22c9297292ce6"
}
],
"source": {
"advisory": "a48414ea-63d9-453c-b3f3-2c927b71ec68",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0810",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-03-21T14:35:14.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0748 (GCVE-0-2023-0748)
Vulnerability from nvd – Published: 2023-02-08 00:00 – Updated: 2025-03-25 14:00
VLAI?
Title
Open Redirect in btcpayserver/btcpayserver
Summary
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Severity ?
6.4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:00:31.599934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:00:39.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpen Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\u003c/p\u003e"
}
],
"value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:21:47.066Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109"
}
],
"source": {
"advisory": "1a0403b6-9ec9-4587-b559-b1afba798c86",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0748",
"datePublished": "2023-02-08T00:00:00.000Z",
"dateReserved": "2023-02-08T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:00:39.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0747 (GCVE-0-2023-0747)
Vulnerability from nvd – Published: 2023-02-08 00:00 – Updated: 2025-03-25 14:01
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0747",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:01:20.775013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:01:28.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:22:52.161Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
],
"source": {
"advisory": "7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0747",
"datePublished": "2023-02-08T00:00:00.000Z",
"dateReserved": "2023-02-08T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:01:28.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0493 (GCVE-0-2023-0493)
Vulnerability from nvd – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:46
VLAI?
Title
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
Summary
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
Severity ?
5.3 (Medium)
CWE
- CWE-76 - Improper Neutralization of Equivalent Special Elements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:45:54.904180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:46:03.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-76",
"description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:22:20.882Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a"
},
{
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
],
"source": {
"advisory": "3a73b45c-6f3e-4536-a327-cdfdbc59896f",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0493",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-25T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:46:03.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3830 (GCVE-0-2021-3830)
Vulnerability from nvd – Published: 2021-09-26 08:15 – Updated: 2024-08-03 17:09
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-26T08:15:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
],
"source": {
"advisory": "0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3830",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"name": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
]
},
"source": {
"advisory": "0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3830",
"datePublished": "2021-09-26T08:15:14.000Z",
"dateReserved": "2021-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3646 (GCVE-0-2021-3646)
Vulnerability from nvd – Published: 2021-09-10 18:02 – Updated: 2024-08-03 17:01
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
Summary
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T18:02:50.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
],
"source": {
"advisory": "32e30ecf-31fa-45f6-8552-47250ef0e613",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3646",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
]
},
"source": {
"advisory": "32e30ecf-31fa-45f6-8552-47250ef0e613",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3646",
"datePublished": "2021-09-10T18:02:50.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1270 (GCVE-0-2023-1270)
Vulnerability from cvelistv5 – Published: 2023-03-08 00:00 – Updated: 2024-08-02 05:40
VLAI?
Title
Cross-site Scripting in btcpayserver/btcpayserver
Summary
Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.
Severity ?
5.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.8.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ad1f917f-2b25-40ef-9215-c805354c683b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/7b5ce8f70c060b01990d3f7109e97e0144d878a4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ad1f917f-2b25-40ef-9215-c805354c683b"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/7b5ce8f70c060b01990d3f7109e97e0144d878a4"
}
],
"source": {
"advisory": "ad1f917f-2b25-40ef-9215-c805354c683b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1270",
"datePublished": "2023-03-08T00:00:00.000Z",
"dateReserved": "2023-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-02T05:40:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1149 (GCVE-0-2023-1149)
Vulnerability from cvelistv5 – Published: 2023-03-02 00:00 – Updated: 2025-03-07 21:41
VLAI?
Title
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
Summary
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.
Severity ?
5.7 (Medium)
CWE
- CWE-76 - Improper Neutralization of Equivalent Special Elements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.8.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:57.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e734209-d7b0-4f57-a8be-c65c82208f2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/ddb125f45892b4dafdbd5c072af1ce623758bb92"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1149",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:41:08.793865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:41:24.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-76",
"description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2e734209-d7b0-4f57-a8be-c65c82208f2f"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/ddb125f45892b4dafdbd5c072af1ce623758bb92"
}
],
"source": {
"advisory": "2e734209-d7b0-4f57-a8be-c65c82208f2f",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1149",
"datePublished": "2023-03-02T00:00:00.000Z",
"dateReserved": "2023-03-02T00:00:00.000Z",
"dateUpdated": "2025-03-07T21:41:24.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0879 (GCVE-0-2023-0879)
Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2025-03-18 15:59
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.
Severity ?
6.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0879",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T15:58:56.159611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:59:02.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:21:01.577Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"
}
],
"source": {
"advisory": "9464e3c6-961d-4e23-8b3d-07cbb31de541",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0879",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2023-02-17T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:59:02.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0810 (GCVE-0-2023-0810)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 14:35
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
Severity ?
8.8 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a48414ea-63d9-453c-b3f3-2c927b71ec68"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/dffa6accb04df7b80bc584dedef22c9297292ce6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T14:34:52.843740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T14:35:14.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a48414ea-63d9-453c-b3f3-2c927b71ec68"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/commit/dffa6accb04df7b80bc584dedef22c9297292ce6"
}
],
"source": {
"advisory": "a48414ea-63d9-453c-b3f3-2c927b71ec68",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0810",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-03-21T14:35:14.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0748 (GCVE-0-2023-0748)
Vulnerability from cvelistv5 – Published: 2023-02-08 00:00 – Updated: 2025-03-25 14:00
VLAI?
Title
Open Redirect in btcpayserver/btcpayserver
Summary
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Severity ?
6.4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0748",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:00:31.599934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:00:39.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOpen Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\u003c/p\u003e"
}
],
"value": "Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:21:47.066Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109"
}
],
"source": {
"advisory": "1a0403b6-9ec9-4587-b559-b1afba798c86",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0748",
"datePublished": "2023-02-08T00:00:00.000Z",
"dateReserved": "2023-02-08T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:00:39.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0747 (GCVE-0-2023-0747)
Vulnerability from cvelistv5 – Published: 2023-02-08 00:00 – Updated: 2025-03-25 14:01
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:33.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0747",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T14:01:20.775013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T14:01:28.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:22:52.161Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7830b9b4-af2e-44ef-8b00-ee2491d4e7ff"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4567/commits/d4e464ad4ef0cbbf61751e70f77865de325dd6cf"
}
],
"source": {
"advisory": "7830b9b4-af2e-44ef-8b00-ee2491d4e7ff",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0747",
"datePublished": "2023-02-08T00:00:00.000Z",
"dateReserved": "2023-02-08T00:00:00.000Z",
"dateUpdated": "2025-03-25T14:01:28.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0493 (GCVE-0-2023-0493)
Vulnerability from cvelistv5 – Published: 2023-01-26 00:00 – Updated: 2025-03-31 16:46
VLAI?
Title
Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
Summary
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
Severity ?
5.3 (Medium)
CWE
- CWE-76 - Improper Neutralization of Equivalent Special Elements
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.7.5
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:10:56.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0493",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T16:45:54.904180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T16:46:03.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.7.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-76",
"description": "CWE-76 Improper Neutralization of Equivalent Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T07:22:20.882Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f"
},
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a"
},
{
"url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html"
}
],
"source": {
"advisory": "3a73b45c-6f3e-4536-a327-cdfdbc59896f",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-0493",
"datePublished": "2023-01-26T00:00:00.000Z",
"dateReserved": "2023-01-25T00:00:00.000Z",
"dateUpdated": "2025-03-31T16:46:03.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3830 (GCVE-0-2021-3830)
Vulnerability from cvelistv5 – Published: 2021-09-26 08:15 – Updated: 2024-08-03 17:09
VLAI?
Title
Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver
Summary
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-26T08:15:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
],
"source": {
"advisory": "0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3830",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
},
{
"name": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8"
}
]
},
"source": {
"advisory": "0fcdee5f-1f07-47ce-b650-ea8b4a7d35d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3830",
"datePublished": "2021-09-26T08:15:14.000Z",
"dateReserved": "2021-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3646 (GCVE-0-2021-3646)
Vulnerability from cvelistv5 – Published: 2021-09-10 18:02 – Updated: 2024-08-03 17:01
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
Summary
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity ?
4.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| btcpayserver | btcpayserver/btcpayserver |
Affected:
unspecified , < 1.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "btcpayserver/btcpayserver",
"vendor": "btcpayserver",
"versions": [
{
"lessThan": "1.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T18:02:50.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
],
"source": {
"advisory": "32e30ecf-31fa-45f6-8552-47250ef0e613",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3646",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "btcpayserver/btcpayserver",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.3"
}
]
}
}
]
},
"vendor_name": "btcpayserver"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/32e30ecf-31fa-45f6-8552-47250ef0e613"
},
{
"name": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e",
"refsource": "MISC",
"url": "https://github.com/btcpayserver/btcpayserver/commit/fc4e47cec608cc3dba24b19d0145ac69320b975e"
}
]
},
"source": {
"advisory": "32e30ecf-31fa-45f6-8552-47250ef0e613",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3646",
"datePublished": "2021-09-10T18:02:50.000Z",
"dateReserved": "2021-07-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}