BTCPay Server v1.7.4 - HTML Injection

05 Apr 2023 00:00:00 | Reported by Manojkumar J | Type: exploitdb | Source: www.exploit-db.com

BTCPay Server v1.7.4 HTML injection CVE-2023-049

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | BTCPay Server v1.7.4 - HTML Injection Vulnerability | 5 Apr 2023 00:00 | zdt |
| Huntr | Stored HTML Injection | 20 Jan 2023 04:05 | huntr |
| Circl | CVE-2023-0493 | 5 Apr 2023 00:00 | circl |
| CNNVD | BTCPay Server injection vulnerability | 26 Jan 2023 00:00 | cnnvd |
| CVE | CVE-2023-0493 | 26 Jan 2023 00:00 | cve |
| Cvelist | CVE-2023-0493 Improper Neutralization of Equivalent Special Elements in btcpayserver/btcpayserver | 26 Jan 2023 00:00 | cvelist |
| EUVD | EUVD-2023-0312 | 3 Oct 2025 20:07 | euvd |
| Github Security Blog | Withdrawn Advisory: HTML injections in BTCPayServer | 27 Jan 2023 00:30 | github |
| GitLab Advisory Database | Improper Neutralization of Equivalent Special Elements | 27 Jan 2023 00:00 | gitlab |
| NVD | CVE-2023-0493 | 26 Jan 2023 23:15 | nvd |

# Exploit Title: BTCPay Server v1.7.4 - HTML Injection
# Date: 01/26/2023
# Exploit Author: Manojkumar J (TheWhiteEvil)
# Vendor Homepage: https://github.com/btcpayserver/btcpayserver
# Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5
# Version: <=1.7.4
# Tested on: Windows 10
# CVE : CVE-2023-0493

# Description:

BTCPay Server v1.7.4 HTML injection vulnerability.

# Steps to exploit:

1. Create an account on the target website.

Register endpoint: https://target-website.com/register#

2. Go to the API key section and create an API key with the HTML injection in the label field.

Example:

<a href="https://hackerbro.in">clickhere</a>


3. Click remove/delete on the API key; the injected HTML will render.
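
The behaviour in the steps above is what happens when a stored label is placed into a page without output encoding. The following is an added example, not code from BTCPay Server or from the original advisory; the function names, the confirmation markup and the sample labels are assumptions made for illustration. It shows the vulnerable rendering beside the encoded one, plus a helper for reviewing labels that were stored before patching.

```javascript
// Added illustration; not BTCPay Server source. Function names and the
// confirmation markup below are hypothetical.

// Encode the characters that let text break out of HTML text content
// or out of a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored label is concatenated into markup as-is,
// so any tags in it become part of the page.
function renderDeleteConfirmUnsafe(label) {
  return `<p>Delete API key "${label}"?</p>`;
}

// Hardened pattern: the label is encoded at the point of output, so it is
// displayed as text whatever was stored.
function renderDeleteConfirmSafe(label) {
  return `<p>Delete API key &quot;${escapeHtml(label)}&quot;?</p>`;
}

// Audit helper: flag already-stored labels that contain a complete tag so
// they can be reviewed after the output-encoding fix is deployed.
function findSuspiciousLabels(labels) {
  return labels.filter((l) => /<\/?[a-z][^>]*>/i.test(l));
}

// Constructed sample data. The second label has the same shape as the
// example in step 2, with a placeholder domain.
const storedLabels = [
  "ci-deploy key",
  '<a href="https://example.invalid">clickhere</a>',
  "R&D <read only",
];

for (const label of storedLabels) {
  console.log("unsafe:", renderDeleteConfirmUnsafe(label));
  console.log("safe:  ", renderDeleteConfirmSafe(label));
}
console.log("labels to review:", findSuspiciousLabels(storedLabels));
```

Encoding at output is the control that closes the issue; the audit helper only locates labels worth reviewing and is not a substitute for it.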

Scores (05 Apr 2023 00:00, current):
Vulners AI Score: 7 (High risk)
CVSS 3.1: 5.3 - 8.8
EPSS: 0.0999