Copyparty <=1.18.6 - Cross-Site Scripting

Copyparty before 1.18.7 is vulnerable to reflected cross-site scripting XSS via the 'filter' parameter in the '/?ru' endpoint. Unsanitized user input is reflected in the HTML response, allowing attackers to execute arbitrary JavaScript in the context of the victim's browser. id: CVE-2025-54589...