CVE-2025-54423
copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata
copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Produtos afetados
9001 · copypartyQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →