Description

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

Related CPE's

a

btcpayserver

btcpay_server

Vulnerable

References

http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html

Third Party AdvisoryVDB Entry

https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a

Patch

https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f

ExploitPatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-74

[email protected]

Secondary
CWE-76

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-26T23:15:15.920

2 years ago

Last modified

2023-10-31T16:03:55.190

1 year ago