CNNVD-202507-3558 Information

CNNVD ID

CNNVD-202507-3558

Related CVE

CVE-2025-54423

• CNNVD Published: 2025-07-28

Description (Chinese)

Copyparty是ed个人开发者的一个便携式文件服务器。 Copyparty 1.18.4及之前版本存在跨站脚本漏洞，该漏洞源于音乐文件多媒体标签清理不当，可能导致执行任意JavaScript代码。

Description (English)

Copyparty is a portable file server for ed personal developers. Copyparty 1.18.4 and earlier versions had a cross-site script loophole, which stemmed from the inappropriate cleaning of multimedia tags for music files, which could lead to the implementation of any JavaScript code.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-07-28

Last Modified

2026-02-24

References

https://github.com/9001/copyparty/commit/895880aeb0be0813ddf732487596633f8f9fc3a6 https://github.com/9001/copyparty/releases/tag/v1.18.5 https://github.com/9001/copyparty/security/advisories/GHSA-9q4r-x2hj-jmvr https://access.redhat.com/security/cve/cve-2025-54423

Patch

https://github.com/9001/copyparty/releases