Lucene search
K

BTCPay Server v1.7.4 - HTML Injection

🗓️ 05 Apr 2023 00:00:00Reported by Manojkumar JType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 156 Views

BTCPay Server v1.7.4 HTML injection CVE-2023-049

Related
Code
ReporterTitlePublishedViews
Family
0day.today
BTCPay Server v1.7.4 - HTML Injection Vulnerability
5 Apr 202300:00
zdt
Huntr
Stored HTML Injection
20 Jan 202304:05
huntr
Circl
CVE-2023-0493
5 Apr 202300:00
circl
CNNVD
BTCPay Server 注入漏洞
26 Jan 202300:00
cnnvd
CVE
CVE-2023-0493
26 Jan 202300:00
cve
Cvelist
CVE-2023-0493 Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver
26 Jan 202300:00
cvelist
EUVD
EUVD-2023-0312
3 Oct 202520:07
euvd
Github Security Blog
Withdrawn Advisory: HTML injections in BTCPayServer
27 Jan 202300:30
github
GitLab Advisory Database
Improper Neutralization of Equivalent Special Elements
27 Jan 202300:00
gitlab
NVD
CVE-2023-0493
26 Jan 202323:15
nvd
Rows per page
# Exploit Title: BTCPay Server v1.7.4 - HTML Injection
# Date: 01/26/2023
# Exploit Author: Manojkumar J (TheWhiteEvil)
# Vendor Homepage: https://github.com/btcpayserver/btcpayserver
# Software Link:
https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5
# Version: <=1.7.4
# Tested on: Windows10
# CVE : CVE-2023-0493

# Description:

BTCPay Server v1.7.4 HTML injection vulnerability.

# Steps to exploit:

1. Create an account on the target website.

Register endpoint: https://target-website.com/register#

2. Move on to the API key and create API key with the html injection in the
label field.

Example:

<a href="https://hackerbro.in">clickhere</a>


3. Click remove/delete API key, the html injection will render.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Apr 2023 00:00Current
7High risk
Vulners AI Score7
CVSS 3.15.3 - 8.8
EPSS0.07896
SSVC
156