## https://sploitus.com/exploit?id=PACKETSTORM:171732
# Exploit Title: BTCPay Server v1.7.4 - HTML Injection  
# Date: 01/26/2023  
# Exploit Author: Manojkumar J (TheWhiteEvil)  
# Vendor Homepage: https://github.com/btcpayserver/btcpayserver  
# Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5  
# Version: <=1.7.4  
# Tested on: Windows 10  
# CVE : CVE-2023-0493  
  
# Description:  
  
BTCPay Server v1.7.4 HTML injection vulnerability.  
  
# Steps to exploit:  
  
1. Create an account on the target website.  
  
Register endpoint: https://target-website.com/register#  
  
2. Go to the API key section and create an API key with the HTML injection in the label field.  
  
Example:  
  
<a href="https://hackerbro.in">clickhere</a>  
  
  
3. Click remove/delete on the API key; the HTML injection will render.
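
The steps above describe a stored label being written into the delete confirmation without output encoding. The following is an added example, not code from this advisory or from BTCPay Server: it renders a hypothetical confirmation template both ways and includes a regression check that reports any element the label introduces. The template, function names and check are assumptions made for illustration.

```python
import html
from collections import Counter
from html.parser import HTMLParser

# Constructed sample: the label value from step 2 of the advisory.
LABEL = '<a href="https://hackerbro.in">clickhere</a>'

# Hypothetical confirmation template (assumption, not BTCPay Server's markup).
TEMPLATE = "<p>Delete API key <strong>{label}</strong>? This cannot be undone.</p>"
TEMPLATE_TAGS = ["p", "strong"]  # start tags the template itself emits


def render_unsafe(label: str) -> str:
    """'Before' form: the stored label is placed into the markup verbatim."""
    return TEMPLATE.format(label=label)


def render_safe(label: str) -> str:
    """Hardened form: encode the label for the HTML context at output time."""
    return TEMPLATE.format(label=html.escape(label, quote=True))


class _Collector(HTMLParser):
    """Records start tags and text the way a browser's parser would see them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def injected_tags(rendered: str) -> list:
    """Start tags present in the output beyond those the template emits."""
    parser = _Collector()
    parser.feed(rendered)
    parser.close()
    return sorted((Counter(parser.tags) - Counter(TEMPLATE_TAGS)).elements())


def visible_text(rendered: str) -> str:
    """Text a user would read once entities are decoded."""
    parser = _Collector()
    parser.feed(rendered)
    parser.close()
    return "".join(parser.text)


if __name__ == "__main__":
    print("unsafe:", injected_tags(render_unsafe(LABEL)))
    print("safe:  ", injected_tags(render_safe(LABEL)))
```

The same `injected_tags` check can be run in a test suite against every view that displays a user-supplied label, since the encoded form still shows the label's characters as text while adding no elements.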