5 matches found
CVE-2025-27145
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
CVE-2025-27145 copyparty renders unsanitized filenames as HTML when user uploads empty files
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
CVE-2025-27145
The CVE-2025-27145 entry relates to copyparty, a portable file server, with a DOM-based XSS vulnerability in versions prior to 1.16.15. The issue is triggered during drag-and-drop of a maliciously named, empty file into the Web-UI, causing arbitrary JavaScript execution with the user’s privileges...
CVE-2025-27145 copyparty renders unsanitized filenames as HTML when user uploads empty files
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
CVE-2025-27145
creationtimestamp| type| source ---|---|--- 2025-02-25 01:31:40+00:00| published-proof-of-concept| https://github.com/9001/copyparty/security/advisories/GHSA-m2jw-cj8v-937r 2025-02-25 04:49:57+00:00| seen| https://t.me/cvedetector/18848...