6 matches found
EUVD-2025-22945
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
copyparty is vulnerable to DOM-based Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of multimedia tags in music files, including m3u files, which allows an attacker to execute arbitrary JavaScript code in a victim's browser...
CVE-2025-54423
copyparty is a portable file server. In versions up to and including 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of multimedia tags in music files, including m3u files. An attacker can execute arbitrary JavaScript code in a victim's browser by tricking the victim into opening a crafted file. Detai...
CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata
copyparty is a portable file server. In versions up to and including 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...
CVE-2025-54423
CVE-2025-54423 affects the Copyparty portable file server. Versions up to and including 1.18.4 allow an unauthenticated attacker to execute arbitrary JavaScript in a victim’s browser due to improper sanitization of multimedia tags in music files (including m3u). This is a DOM-based XSS vulnerabil...