CVE-2021-29250

CVE-2021-29250

EPSS 0.5%

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.btcpayserver.org/vulnerability-disclosure-v1-0-7-0/https://github.com/btcpayserver/btcpayserver/releases