Количество 2
Количество 2
CVE-2025-54589
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `<script>` block without proper escaping, allowing for reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users. This is fixed in version 1.18.7.
GHSA-8mx2-rjh8-q3jq
copyparty Reflected XSS via Filter Parameter
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-54589 Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a `<script>` block without proper escaping, allowing for reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users. This is fixed in version 1.18.7. | CVSS3: 6.3 | 1% Низкий | 6 месяцев назад |
| GHSA-8mx2-rjh8-q3jq copyparty Reflected XSS via Filter Parameter | CVSS3: 6.3 | 1% Низкий | 6 месяцев назад |
Уязвимостей на страницу