3 matches found
Improper Neutralization of Equivalent Special Elements
Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements due to improper user input validation, which allows HTML injection in the forms/Address page fields. Remediation Upgrade BTCPayServer.Client to version 1.7.3 or higher. References -...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the returnUrl parameter. Remediation Upgrade BTCPayServer.Client to version 1.7.3 or higher. References - GitHub Commit - GitHub PR Credit: Jefferson Gonzales...
Improper Neutralization of Equivalent Special Elements
Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements due to a possible HTML injection via deleting an account's API key that has a payload as its label. Remediation Upgrade BTCPayServer.Client to version 1.7.5 or higher. References -...