Vulnerabilities > Btcpayserver > Btcpay Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-02 | CVE-2023-1149 | Improper Neutralization of Equivalent Special Elements vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | 5.4 |
| 2023-02-17 | CVE-2023-0879 | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | 5.4 |
| 2023-01-31 | CVE-2022-32984 | Unspecified vulnerability in Btcpayserver Btcpay Server BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. | 7.5 |
| 2023-01-26 | CVE-2023-0493 | Injection vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | 8.8 |
| 2021-09-26 | CVE-2021-3830 | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2021-09-10 | CVE-2021-3646 | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4.3 |
| 2021-05-05 | CVE-2021-29247 | Information Exposure vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | 5.0 |
| 2021-05-05 | CVE-2021-29245 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | 5.0 |
| 2021-05-05 | CVE-2021-29248 | Information Exposure vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | 5.0 |
| 2021-05-05 | CVE-2021-29246 | Path Traversal vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. | 6.5 |