Jaypatel48

**Name of the Vulnerable Software and Affected Versions** copyparty versions prior to 1.16.15 **Description** The issue is a DOM-based cross-site scripting vulnerability. It can be triggered by handing someone a maliciously-named file and then tricking them into dragging the file into copyparty's Web-UI. This could allow an attacker to execute arbitrary javascript with the same privileges as that user, potentially giving unintended read-access to files owned by that user. The bug is triggered by the drag-drop action itself and requires an empty (zero bytes) file. **Recommendations** For versions prior to 1.16.15, update to version 1.16.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the Web-UI or avoiding the use of drag-and-drop functionality with untrusted files.