CVE-2025-54423 – Copyparty Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-54423

Published : July 28, 2025, 8:17 p.m. | 1 hour, 4 minutes ago

Description : copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim’s browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…