Vulnerabilities > Btcpayserver

DATE | CVE | VULNERABILITY TITLE | RISK

2021-05-05 | CVE-2021-29247 | Incorrect Permission Assignment for Critical Resource vulnerability in Btcpayserver Btcpay Server | 5.3
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.
network, low complexity, btcpayserver, CWE-732

2021-05-05 | CVE-2021-29245 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Btcpayserver Btcpay Server | 5.3
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
network, low complexity, btcpayserver, CWE-338

2021-05-05 | CVE-2021-29248 | Missing Encryption of Sensitive Data vulnerability in Btcpayserver Btcpay Server | 5.3
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.
network, low complexity, btcpayserver, CWE-311

2021-05-05 | CVE-2021-29246 | Path Traversal vulnerability in Btcpayserver Btcpay Server | 6.7
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution.
local, low complexity, btcpayserver, CWE-22

2021-05-05 | CVE-2021-29250 | Cross-site Scripting vulnerability in Btcpayserver Btcpay Server | 5.4
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality.
network, low complexity, btcpayserver, CWE-79

2021-04-01 | CVE-2021-29251 | Unspecified vulnerability in Btcpayserver Btcpay Server | 6.5
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies).
network, low complexity, btcpayserver

2021-03-26 | CVE-2021-29249 | Unspecified vulnerability in Btcpayserver Btcpay Server | 7.5
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.
network, low complexity, btcpayserver