CVE-2025-54423

Name of the Vulnerable Software and Affected Versions copyparty versions up to and including 1.18.4

Description copyparty is a portable file server susceptible to cross-site scripting (XSS). An unauthenticated attacker can execute arbitrary JavaScript code in a victim’s browser due to improper sanitization of multimedia tags in music files, including m3u files.

Recommendations Update to version 1.18.5 or later.