9 matches found
GHSA-RCP6-88MM-9VGF Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
If an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note that it is intended behavior that the JavaScript would...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload of .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...
PYSEC-2026-32
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
PYSEC-2026-32
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
CVE-2026-32109
Copyparty (portable file server) contains a vulnerability where an attacker with both read and write permissions can upload a file named .prologue.html and craft a link to potentially execute arbitrary JavaScript in a victim’s context. The attack requires the target to click the crafted link; nor...
Copyparty 跨站脚本漏洞
Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to 1.20.12 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of the.prologue.html file, which could allow attackers to execute arbitrary JavaScri...
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...