exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2026-30974

около 1 месяца назад

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This has been fixed in v1.20.11.

CVSS3: 4.6

EPSS: Низкий

GHSA-m6hv-x64c-27mm

около 1 месяца назад

copyparty: volflag `nohtml` did not block javascript in svg files

CVSS3: 4.6

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2026-30974 Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This has been fixed in v1.20.11.	CVSS3: 4.6	0% Низкий	около 1 месяца назад
	GHSA-m6hv-x64c-27mm copyparty: volflag `nohtml` did not block javascript in svg files	CVSS3: 4.6	0% Низкий	около 1 месяца назад

Уязвимостей на страницу