Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Copyparty volflag `nohtml` did not block javascript in svg files
Vulnerability Description
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This has been fixed in v1.20.11.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Copyparty 跨站脚本漏洞
Vulnerability Description
Copyparty是ed个人开发者的一个便携式文件服务器。 Copyparty v1.20.11之前版本存在跨站脚本漏洞,该漏洞源于nohtml配置选项未应用于SVG图像,可能导致上传包含嵌入式JavaScript的SVG文件并在用户打开时执行。
CVSS Information
N/A
Vulnerability Type
N/A