CVE-2021-29250

2021-05-0513:15:07

Google

osv.dev

btcpay server

stored xss

cookie stealing

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.

References

blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/

github.com/btcpayserver/btcpayserver/releases