CVE-2023-0879 - OpenCVE

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Btcpayserver	Btcpay Server

Configuration 1 [-]

cpe:2.3:a:btcpayserver:btcpay_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7
https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-02-17T00:00:00

Updated: 2024-08-02T05:24:34.697Z

Reserved: 2023-02-17T00:00:00

Link: CVE-2023-0879

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-02-17T02:15:10.680

Modified: 2023-10-26T19:09:37.217

Link: CVE-2023-0879

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0879", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2024-08-02T05:24:34.697Z", "dateReserved": "2023-02-17T00:00:00", "datePublished": "2023-02-17T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "btcpayserver/btcpayserver", "vendor": "btcpayserver", "versions": [{"lessThan": "1.7.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.</p>"}], "value": "Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-10T07:21:01.577Z"}, "references": [{"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541"}, {"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7"}], "source": {"advisory": "9464e3c6-961d-4e23-8b3d-07cbb31de541", "discovery": "EXTERNAL"}, "title": "Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.697Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541", "tags": ["x_transferred"]}, {"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7", "tags": ["x_transferred"]}]}]}}