Copyparty <=1.18.6 - Cross-Site Scripting
Copyparty before 1.18.7 is vulnerable to reflected cross-site scripting (XSS) via the 'filter' parameter in the '/?ru' endpoint. Unsanitized user input is reflected in the HTML response, allowing attackers to execute arbitrary JavaScript in the context of the victim's browser. id: CVE-2025-54589...
EUVD-2023-38093
Malicious code in bioql PyPI...
CVE-2025-54589 copyparty Reflected XSS via Filter Parameter
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a script block without proper escaping...
CVE-2025-54589
Copyparty ≤1.18.6 is vulnerable to reflected XSS via the filter parameter on the /?ru endpoint. The input is echoed into a script block without proper escaping, enabling arbitrary JavaScript execution in victim browsers for both authenticated and unauthenticated users. The issue is fixed in versi...
PT-2025-31523 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below. Description: Copyparty is a portable file server susceptible to a reflected cross-site scripting (XSS) issue. When accessing the recent uploads page at /?ru, the application does not properly escape...
Nokogiri security vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby. A security vulnerability exists in Nokogiri 1.18.7 and earlier versions, which stems from a heap buffer overflow in the function hashmap_get_with_hash in the file gumbo-parser/src/hashmap.c. The vulnerability is caused by ...
GHSA-7HV6-GV38-78WJ DataEase API interface has IDOR vulnerability
Impact: The API interface for DataEase delete dashboard and delete system messages is vulnerable to IDOR. The interface to delete the dashboard: 1. Create two users: user1 and user2. 2. User1 creates a dashboard named pan1. 3. User2 creates a dashboard named pan2. 4. Both user1 and user2 share their...
CVE-2023-33963 DataEase data source has deserialization vulnerability
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from...
DataEase code issue vulnerability
DataEase is an open source data visualization and analysis tool. It is used to help users quickly analyze data and gain insights into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 1.18.7. An attacker exploiting the...
Security fix for the ALT Linux 10 package golang version 1.18.7-alt1
1.18.7-alt1, built Oct. 18, 2022 by Alexey Shabalin in task 308328. Changelog entry (Oct. 6, 2022, Alexey Shabalin): new version 1.18.7; fixes CVE-2022-2879, CVE-2022-2880, CVE-2022-41715...