The filter parameter for the "Recent uploads" page allows arbitrary Regexes. If this feature is enabled (which is the default), an attacker can craft a filter which deadlocks the server.
Unauthorized reflected Cross-Site-Scripting when accessing the URL for recent uploads with the filter parameter containing JavaScript code.
An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files.
An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files.
A DOM-Based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk.
The application contains a reflected cross-site scripting via URL-parameter ?k304=… and ?setck=…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in copyparty.
All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.