PT-2025-31523 · Copyparty · Copyparty

Ju0X · Published 2025-07-31 · Updated 2025-08-15 · CVE-2025-54589

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below

Description: Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting (XSS) issue. When accessing the recent uploads page at /?ru, the application does not properly escape user-supplied input in the filter parameter, which is directly reflected into a <script> block. This allows attackers to inject malicious scripts. The issue affects both authenticated and unauthenticated users.

Recommendations: Update to version 1.18.7 or later.
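The class of bug described above, as an added example (not Copyparty's code and not its actual fix): a request value concatenated into an inline <script> block, beside a script-context-safe serialization. The function names, the JavaScript variable name and the sample value are assumptions made for illustration.

```python
import json

# Characters that are legal inside a JSON string but unsafe inside an inline
# <script> element: "<" can begin "</script>" or "<!--", and U+2028/U+2029
# were treated as line terminators by older JavaScript engines.
_SCRIPT_UNSAFE = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",
    "\u2029": "\\u2029",
}


def js_literal(value):
    """Serialize value as a JS literal that cannot leave the <script> block."""
    out = json.dumps(value, ensure_ascii=False)  # quotes and backslashes
    for ch, esc in _SCRIPT_UNSAFE.items():       # HTML-significant characters
        out = out.replace(ch, esc)
    return out


def render_unsafe(filter_value):
    # The 'before' pattern: raw request input concatenated into the script.
    return '<script>var filter = "' + filter_value + '";</script>'


def render_safe(filter_value):
    # Hardened form: the value is only ever emitted as an escaped literal.
    return "<script>var filter = " + js_literal(filter_value) + ";</script>"


def script_closers(html):
    """Count </script end tags roughly as an HTML tokenizer would see them."""
    return html.lower().count("</script")


# Constructed input: contains the breakout characters, carries no payload.
SAMPLE = 'a"</script><!--'

if __name__ == "__main__":
    print(script_closers(render_unsafe(SAMPLE)), render_unsafe(SAMPLE))
    print(script_closers(render_safe(SAMPLE)), render_safe(SAMPLE))
```

The escaped literal still decodes to the original string in the browser, so the page's filter behaviour is unchanged while the HTML parser only ever sees one closing tag.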

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-54589
GHSA-8MX2-RJH8-Q3JQ

Affected Products

Copyparty