1.0.0.25

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-02	CVE-2023-1149	Improper Neutralization of Equivalent Special Elements vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. network low complexity btcpayserver CWE-76	5.4
2023-02-17	CVE-2023-0879	Cross-site Scripting vulnerability in Btcpayserver Btcpay Server Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. network low complexity btcpayserver CWE-79	5.4
2023-01-26	CVE-2023-0493	Injection vulnerability in Btcpayserver Btcpay Server Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. network low complexity btcpayserver CWE-74	8.8
2021-09-26	CVE-2021-3830	Cross-site Scripting vulnerability in Btcpayserver Btcpay Server btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') network btcpayserver CWE-79	3.5
2021-09-10	CVE-2021-3646	Cross-site Scripting vulnerability in Btcpayserver Btcpay Server btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') network btcpayserver CWE-79	4.3
2021-05-05	CVE-2021-29247	Information Exposure vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. network low complexity btcpayserver CWE-200	5.0
2021-05-05	CVE-2021-29245	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. network low complexity btcpayserver CWE-338	5.0
2021-05-05	CVE-2021-29248	Information Exposure vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. network low complexity btcpayserver CWE-200	5.0
2021-05-05	CVE-2021-29246	Path Traversal vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. network low complexity btcpayserver CWE-22	6.5
2021-05-05	CVE-2021-29250	Cross-site Scripting vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. network btcpayserver CWE-79	3.5