PT-2025-31523 · Copyparty · Copyparty

Ju0X · Published 2025-07-31 · Updated 2025-07-31 · CVE-2025-54589

CVSS v3.1: 6.3
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

Copyparty versions 1.18.6 and below

Description:

Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting (XSS) issue. When accessing the recent uploads page at `/?ru`, the application does not properly escape user-supplied input in the filter parameter, which is directly reflected into a `<script>` block. This allows attackers to inject malicious scripts. The issue affects both authenticated and unauthenticated users.
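The bug class described above, reflection of a request parameter into an inline `<script>` block, shown next to a context-appropriate encoding. This is an added example, not copyparty's code or its actual fix; the template, the variable name `flt` and the sample input are assumptions constructed for illustration.

```python
import json
from html.parser import HTMLParser

# Hypothetical template, not copyparty's: a value reflected into an inline script.
TEMPLATE = '<script>var flt = {};</script>'

def render_unsafe(value: str) -> str:
    # "Before" pattern: only wraps the raw value in quotes.
    return TEMPLATE.format('"' + value + '"')

def js_literal(value: str) -> str:
    """Encode value as a JS string literal that is safe inside <script>."""
    # json.dumps escapes quotes, backslashes, control characters and (with the
    # default ensure_ascii=True) U+2028/U+2029.
    out = json.dumps(value)
    # The HTML tokenizer ends a script block at "</script" regardless of JS
    # quoting, so "<", ">" and "&" are emitted as \uXXXX escapes instead.
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

def render_safe(value: str) -> str:
    return TEMPLATE.format(js_literal(value))

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_seen(page: str) -> list:
    """Return the start tags an HTML parser finds in the rendered page."""
    p = _Tags()
    p.feed(page)
    p.close()
    return p.tags

if __name__ == "__main__":
    sample = 'x</script><b>'  # constructed input with a harmless marker tag
    print(tags_seen(render_unsafe(sample)))
    print(tags_seen(render_safe(sample)))
```

A check like `tags_seen` can serve as a regression test: a rendered page that yields any tag other than the expected `script` means the reflected value escaped its script context.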

Recommendations:

Update to version 1.18.7 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-54589
GHSA-8MX2-RJH8-Q3JQ

Affected Products

Copyparty