Name of the Vulnerable Software and Affected Versions:

copyparty versions up to and including 1.18.4

Description:

copyparty is a portable file server susceptible to cross-site scripting (XSS). An unauthenticated attacker can execute arbitrary JavaScript code in a victim’s browser due to improper sanitization of multimedia tags in music files, including m3u files.

Recommendations:

Update to version 1.18.5 or later.