RSS   Podatności dla 'Btcpay server'   RSS

2021-09-26
 
CVE-2021-3830

CWE-79
 

 
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

 
2021-05-05
 
CVE-2021-29250

CWE-79
 

 
BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.

 
 
CVE-2021-29247

CWE-200
 

 
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.

 
 
CVE-2021-29245

CWE-338
 

 
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.

 
 
CVE-2021-29248

CWE-200
 

 
BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.

 
 
CVE-2021-29246

CWE-22
 

 
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.

 
2021-04-01
 
CVE-2021-29251

NVD-CWE-noinfo
 

 
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.

 
2021-03-26
 
CVE-2021-29249

NVD-CWE-noinfo
 

 
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.

 


Copyright 2024, cxsecurity.com

 

Back to Top