Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver

Valid

Reported on

Sep 6th 2021


✍️ Description

Accept Bitcoin payments. Free, open-source & self-hosted Bitcoin payment processor. This package is vulnerable to XSS.

🕵️‍♂️ Proof of Concept

💥 Impact

This vulnerability is capable of stored XSS

We have contacted a member of the btcpayserver team and are waiting to hear back 2 years ago
Nicolas Dorier validated this vulnerability 2 years ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
Nicolas Dorier
2 years ago

Maintainer


Investigating on https://github.com/btcpayserver/btcpayserver/issues/2856

Nicolas Dorier
2 years ago

Maintainer


Fixed by https://github.com/btcpayserver/btcpayserver/pull/2863

Nicolas Dorier marked this as fixed with commit fc4e47 2 years ago
Nicolas Dorier has been awarded the fix bounty
This vulnerability will not receive a CVE