CVE-2023-0493

moderate-risk
Published 2023-01-26

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.

Do I need to act?

~
10.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51254
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Btcpay Server

Affected Vendors

Btcpayserver

References (6)

Third Party Advisory http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.h...
Patch https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd2462...
Exploit https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f
Third Party Advisory http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.h...
Patch https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd2462...
Exploit https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f
44
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal