Vulnerabilities > Btcpayserver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-05 | CVE-2021-29247 | Incorrect Permission Assignment for Critical Resource vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. | 5.3 |
| 2021-05-05 | CVE-2021-29245 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | 5.3 |
| 2021-05-05 | CVE-2021-29248 | Missing Encryption of Sensitive Data vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie. | 5.3 |
| 2021-05-05 | CVE-2021-29246 | Path Traversal vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. | 6.7 |
| 2021-05-05 | CVE-2021-29250 | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. | 5.4 |
| 2021-04-01 | CVE-2021-29251 | Unspecified vulnerability in Btcpayserver Btcpay Server BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). | 6.5 |
| 2021-03-26 | CVE-2021-29249 | Unspecified vulnerability in Btcpayserver Btcpay Server BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. | 7.5 |