copyparty vulnerable to reflected cross-site scripting via k304 parameter
The application contains a reflected cross-site scripting via URL-parameter ?k304=… and ?setck=…
Advisories for Pypi/Copyparty package
2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in copyparty.
copyparty vulnerable to path traversal attack
All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server.