Nicolasdorier

**Name of the Vulnerable Software and Affected Versions** BTCPay Server versions prior to 1.7.6 **Description** The issue is related to an open redirect vulnerability in the BTCPay Server automated billing system, specifically with the handling of the `returnUrl` parameter. This could allow a remote attacker to conduct phishing attacks using a specially crafted malicious link. The vulnerability may be exploited to redirect users to unintended locations, potentially leading to security breaches. **Recommendations** For versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `returnUrl` parameter to minimize the risk of exploitation.