GHSA-9Q4R-X2HJ-JMVR copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata

Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two way...

Metadata-Attacker - A Tool To Generate Media Files With Malicious Metadata

With this small suite of open source pentesting tools you're able to create an image .jpg, audio .mp3 or video .mp4 file containing your custom metadata or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta data...