repository icon
btcpayserver / btcpayserver Project repository

Accept Bitcoin payments. Free, open-source & self-hosted, Bitcoin payment processor.

Submit a report

FIRST INTERACTION

WITHIN1 DAY

REVIEW

WITHIN3 DAYS

FIX

WITHIN6 DAYS

Defect report dundle double spend vulnerability
katzamit99
not applicable
HTML Injection in App Pos and App Crowdfund
jobert-krohnen
informative
Medium
SSRF
hatlesswizard
informative
Medium
btcpayserver Store plugins Shopify
ahmadsahimdova
informative
Medium
XSS via Client Side Template Injection
cupc4k3
Medium
CVE-2023-1270
Broken Authentication and Session Management
thewhiteevil
informative
Medium
Stored HTML Injection inside the >>> Request payment >>> Request Customer Data C...
thewhiteevil
Medium
CVE-2023-1149
SSRF vulnerability in User's Store Setting under webhooks functions
jeffreygaor
informative
High
Unrestricted File Upload Leads to Cross-Site Scripting Stored & Potential Remote...
jeffreygaor
duplicate
High
Valid session after logout
isdkrisna
not applicable
File Upload lead to Stored XSS bypass csp
nayefhmoodh
Medium
CVE-2023-0879
Stored XSS in server settings when upload branding
d47sec
High
CVE-2023-0810
Stored XSS in server settings when upload theme
d47sec
duplicate
High
Weak Filetype validation to potential various security issues
kr1shna4garwal
informative
Medium
Exif Meta Data not striped off (Geo location leak)
thewhiteevil
not applicable
Open Redirect on "returnUrl=" parameter
gonzxph
Medium
CVE-2023-0748
Weak password policy : Old password can be set as new password
ctflearner
informative
Low
File Upload Type Validation Error lead to Stored XSS
ctflearner
Medium
CVE-2023-0747
Stored HTML Injection
thewhiteevil
Medium
CVE-2023-0493
Pre-account takeover due to lack of email verification.
thewhiteevil
informative
Low
Cross-site Scripting (XSS) - Reflected
b3ef
Medium
$40CVE-2021-3646
Cross-site Scripting (XSS) - Stored
ranjit-git
High
$40
Cross-site Scripting (XSS) - Stored
b1nslashsh
Low
$40CVE-2021-3830
Cross-site Scripting (XSS) - Stored
b1nslashsh
Medium
$40