CVE-2021-29250

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-29250
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29250.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29250
Published
2021-05-05T13:15:07.787Z
Modified
2026-03-13T23:49:01.743586Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.

References

Affected packages

Git / github.com/btcpayserver/btcpayserver

Affected ranges

Type
GIT
Repo
https://github.com/btcpayserver/btcpayserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e1fed90b71c507d1d1dcc2a7760eb1f60eb1ac48
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.7.0"
        }
    ]
}

Affected versions

BTCPayServer.*
BTCPayServer.Client/v1.1.0
BTCPayServer.Client/v1.1.1
BTCPayServer.Client/v1.2.0
BTCPayServer.Client/v1.3.0
v1.*
v1.0.0.0
v1.0.0.1
v1.0.0.10
v1.0.0.11
v1.0.0.12
v1.0.0.13
v1.0.0.14
v1.0.0.15
v1.0.0.16
v1.0.0.17
v1.0.0.18
v1.0.0.19
v1.0.0.2
v1.0.0.20
v1.0.0.21
v1.0.0.22
v1.0.0.23
v1.0.0.24
v1.0.0.25
v1.0.0.26
v1.0.0.27
v1.0.0.28
v1.0.0.29
v1.0.0.3
v1.0.0.30
v1.0.0.31
v1.0.0.32
v1.0.0.33
v1.0.0.34
v1.0.0.35
v1.0.0.36
v1.0.0.37
v1.0.0.38
v1.0.0.4
v1.0.0.40
v1.0.0.41
v1.0.0.42
v1.0.0.43
v1.0.0.44
v1.0.0.45
v1.0.0.46
v1.0.0.47
v1.0.0.48
v1.0.0.49
v1.0.0.5
v1.0.0.50
v1.0.0.51
v1.0.0.52
v1.0.0.53
v1.0.0.55
v1.0.0.56
v1.0.0.57
v1.0.0.58
v1.0.0.59
v1.0.0.6
v1.0.0.60
v1.0.0.61
v1.0.0.62
v1.0.0.63
v1.0.0.64
v1.0.0.65
v1.0.0.67
v1.0.0.68
v1.0.0.69
v1.0.0.7
v1.0.0.70
v1.0.0.71
v1.0.0.72
v1.0.0.73
v1.0.0.74
v1.0.0.75
v1.0.0.76
v1.0.0.77
v1.0.0.78
v1.0.0.79
v1.0.0.8
v1.0.0.80
v1.0.0.81
v1.0.0.82
v1.0.0.83
v1.0.0.9
v1.0.1.0
v1.0.1.1
v1.0.1.10
v1.0.1.11
v1.0.1.12
v1.0.1.13
v1.0.1.14
v1.0.1.15
v1.0.1.16
v1.0.1.17
v1.0.1.18
v1.0.1.19
v1.0.1.2
v1.0.1.20
v1.0.1.21
v1.0.1.22
v1.0.1.23
v1.0.1.24
v1.0.1.25
v1.0.1.26
v1.0.1.27
v1.0.1.28
v1.0.1.29
v1.0.1.3
v1.0.1.30
v1.0.1.31
v1.0.1.32
v1.0.1.33
v1.0.1.34
v1.0.1.35
v1.0.1.36
v1.0.1.37
v1.0.1.38
v1.0.1.39
v1.0.1.4
v1.0.1.40
v1.0.1.41
v1.0.1.42
v1.0.1.43
v1.0.1.44
v1.0.1.45
v1.0.1.46
v1.0.1.47
v1.0.1.48
v1.0.1.49
v1.0.1.5
v1.0.1.50
v1.0.1.51
v1.0.1.52
v1.0.1.53
v1.0.1.54
v1.0.1.55
v1.0.1.56
v1.0.1.57
v1.0.1.58
v1.0.1.59
v1.0.1.6
v1.0.1.60
v1.0.1.61
v1.0.1.62
v1.0.1.63
v1.0.1.64
v1.0.1.65
v1.0.1.66
v1.0.1.67
v1.0.1.68
v1.0.1.69
v1.0.1.7
v1.0.1.70
v1.0.1.71
v1.0.1.72
v1.0.1.73
v1.0.1.74
v1.0.1.75
v1.0.1.76
v1.0.1.77
v1.0.1.78
v1.0.1.79
v1.0.1.8
v1.0.1.80
v1.0.1.81
v1.0.1.82
v1.0.1.84
v1.0.1.85
v1.0.1.86
v1.0.1.87
v1.0.1.88
v1.0.1.89
v1.0.1.9
v1.0.1.91
v1.0.1.92
v1.0.1.93
v1.0.1.94
v1.0.1.95
v1.0.1.96
v1.0.2.0
v1.0.2.1
v1.0.2.10
v1.0.2.100
v1.0.2.101
v1.0.2.102
v1.0.2.103
v1.0.2.104
v1.0.2.105
v1.0.2.106
v1.0.2.107
v1.0.2.108
v1.0.2.109
v1.0.2.11
v1.0.2.110
v1.0.2.111
v1.0.2.112
v1.0.2.113
v1.0.2.114
v1.0.2.12
v1.0.2.13
v1.0.2.14
v1.0.2.15
v1.0.2.16
v1.0.2.17
v1.0.2.18
v1.0.2.19
v1.0.2.2
v1.0.2.20
v1.0.2.21
v1.0.2.22
v1.0.2.23
v1.0.2.24
v1.0.2.26
v1.0.2.27
v1.0.2.28
v1.0.2.29
v1.0.2.3
v1.0.2.30
v1.0.2.31
v1.0.2.32
v1.0.2.33
v1.0.2.34
v1.0.2.35
v1.0.2.36
v1.0.2.37
v1.0.2.38
v1.0.2.39
v1.0.2.4
v1.0.2.40
v1.0.2.41
v1.0.2.42
v1.0.2.43
v1.0.2.44
v1.0.2.45
v1.0.2.46
v1.0.2.47
v1.0.2.48
v1.0.2.49
v1.0.2.5
v1.0.2.50
v1.0.2.51
v1.0.2.52
v1.0.2.53
v1.0.2.54
v1.0.2.55
v1.0.2.56
v1.0.2.57
v1.0.2.58
v1.0.2.59
v1.0.2.6
v1.0.2.60
v1.0.2.61
v1.0.2.62
v1.0.2.63
v1.0.2.64
v1.0.2.65
v1.0.2.66
v1.0.2.67
v1.0.2.68
v1.0.2.69
v1.0.2.7
v1.0.2.70
v1.0.2.71
v1.0.2.72
v1.0.2.74
v1.0.2.75
v1.0.2.76
v1.0.2.77
v1.0.2.79
v1.0.2.8
v1.0.2.80
v1.0.2.81
v1.0.2.82
v1.0.2.83
v1.0.2.84
v1.0.2.85
v1.0.2.86
v1.0.2.87
v1.0.2.88
v1.0.2.89
v1.0.2.9
v1.0.2.90
v1.0.2.91
v1.0.2.92
v1.0.2.93
v1.0.2.94
v1.0.2.95
v1.0.2.96
v1.0.2.98
v1.0.2.99
v1.0.3.0
v1.0.3.1
v1.0.3.10
v1.0.3.100
v1.0.3.101
v1.0.3.102
v1.0.3.103
v1.0.3.104
v1.0.3.105
v1.0.3.106
v1.0.3.107
v1.0.3.108
v1.0.3.109
v1.0.3.11
v1.0.3.110
v1.0.3.111
v1.0.3.112
v1.0.3.113
v1.0.3.114
v1.0.3.115
v1.0.3.116
v1.0.3.117
v1.0.3.118
v1.0.3.119
v1.0.3.12
v1.0.3.120
v1.0.3.121
v1.0.3.122
v1.0.3.123
v1.0.3.124
v1.0.3.125
v1.0.3.126
v1.0.3.127
v1.0.3.128
v1.0.3.129
v1.0.3.13
v1.0.3.130
v1.0.3.131
v1.0.3.132
v1.0.3.133
v1.0.3.134
v1.0.3.135
v1.0.3.136
v1.0.3.137
v1.0.3.138
v1.0.3.139
v1.0.3.14
v1.0.3.140
v1.0.3.141
v1.0.3.142
v1.0.3.143
v1.0.3.144
v1.0.3.145
v1.0.3.146
v1.0.3.147
v1.0.3.148
v1.0.3.149
v1.0.3.15
v1.0.3.150
v1.0.3.151
v1.0.3.152
v1.0.3.153
v1.0.3.154
v1.0.3.155
v1.0.3.156
v1.0.3.157
v1.0.3.158
v1.0.3.159
v1.0.3.16
v1.0.3.160
v1.0.3.161
v1.0.3.162
v1.0.3.163
v1.0.3.164
v1.0.3.165
v1.0.3.17
v1.0.3.18
v1.0.3.19
v1.0.3.2
v1.0.3.20
v1.0.3.21
v1.0.3.22
v1.0.3.23
v1.0.3.24
v1.0.3.25
v1.0.3.26
v1.0.3.27
v1.0.3.28
v1.0.3.29
v1.0.3.3
v1.0.3.30
v1.0.3.31
v1.0.3.32
v1.0.3.33
v1.0.3.34
v1.0.3.35
v1.0.3.36
v1.0.3.37
v1.0.3.38
v1.0.3.39
v1.0.3.4
v1.0.3.40
v1.0.3.41
v1.0.3.42
v1.0.3.43
v1.0.3.44
v1.0.3.45
v1.0.3.46
v1.0.3.47
v1.0.3.48
v1.0.3.49
v1.0.3.5
v1.0.3.50
v1.0.3.51
v1.0.3.52
v1.0.3.53
v1.0.3.54
v1.0.3.55
v1.0.3.56
v1.0.3.57
v1.0.3.58
v1.0.3.59
v1.0.3.6
v1.0.3.60
v1.0.3.61
v1.0.3.62
v1.0.3.63
v1.0.3.64
v1.0.3.65
v1.0.3.66
v1.0.3.67
v1.0.3.69
v1.0.3.7
v1.0.3.70
v1.0.3.71
v1.0.3.72
v1.0.3.73
v1.0.3.74
v1.0.3.75
v1.0.3.76
v1.0.3.77
v1.0.3.78
v1.0.3.79
v1.0.3.8
v1.0.3.80
v1.0.3.81
v1.0.3.82
v1.0.3.83
v1.0.3.84
v1.0.3.85
v1.0.3.86
v1.0.3.87
v1.0.3.88
v1.0.3.89
v1.0.3.9
v1.0.3.90
v1.0.3.91
v1.0.3.92
v1.0.3.93
v1.0.3.94
v1.0.3.95
v1.0.3.96
v1.0.3.97
v1.0.3.98
v1.0.3.99
v1.0.4.0
v1.0.4.1
v1.0.4.2
v1.0.4.3
v1.0.4.4
v1.0.5.0
v1.0.5.1
v1.0.5.2
v1.0.5.3
v1.0.5.4
v1.0.5.5
v1.0.5.6
v1.0.5.7
v1.0.6.0
v1.0.6.3
v1.0.6.4
v1.0.6.5
v1.0.6.6
v1.0.6.7
v1.0.7.0
Other
vshopify
vu2ftest
zlndseedbackup

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29250.json"