CVE-2026-27948

Medium CVSS: 5.4

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter `?setck=...`. Version 1.20.9 fixes the issue.

Vendor

9001

Product

Copyparty

CWE

CWE-79

Yayın Tarihi

2026-02-26 02:16:22

Güncelleme

2026-02-28 00:56:59

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Copyparty MEDIUM 9001 2026

Referanslar

https://github.com/9001/copyparty/commit/31b2801fd041f803f4a3d5c12c7d7cb5419048bc https://github.com/9001/copyparty/security/advisories/GHSA-62cr-6wp5-q43h

Benzer Kayıtlar

Low

CVE-2026-32108

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the s…

Low

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to…

Medium

CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of Java…

Medium

CVE-2025-58753

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares fea…

High

CVE-2023-41471

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a cra…

High

CVE-2025-54796

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows…