Vulnerability Description
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Btcpayserver | Btcpay Server | < 1.7.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.hThird Party AdvisoryVDB Entry
- https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd2462Patch
- https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896fExploitPatchThird Party Advisory
- http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.hThird Party AdvisoryVDB Entry
- https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd2462Patch
- https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896fExploitPatchThird Party Advisory
FAQ
What is CVE-2023-0493?
CVE-2023-0493 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.
How severe is CVE-2023-0493?
CVE-2023-0493 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0493?
Check the references section above for vendor advisories and patch information. Affected products include: Btcpayserver Btcpay Server.