6 matches found
CVE-2026-30974
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...
CVE-2026-30974
The copyparty advisory GHSA-M6HV-X64C-27MM describes a vulnerability where the nohtml volflag failed to block JavaScript in SVG files. Although not a vulnerability by itself, this allowed a user with write access to upload an SVG containing embedded JavaScript that could execute when opened, pote...
CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...
CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...
EUVD-2026-10712
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...
Copyparty 跨站脚本漏洞
Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to v1.20.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the nohtml configuration option not being applied to SVG images, which could lead to the execution of...