CVE-2025-54589
Published 2025-07-31
Priority: P3 41 · medium 6.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.26% (80.8th percentile)
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a `filter` parameter to the URL, and the server reflects its value directly into a `<script>` block without proper escaping. This allows reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users. This is fixed in version 1.18.7.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 9001 | copyparty | < 1.18.7 | 1.18.7 |
| 9001 | copyparty | >= 0 < 1.18.7 | 1.18.7 |
GHSA
copyparty Reflected XSS via Filter Parameter
ghsa·2025-07-31
CVE-2025-54589 [MEDIUM] CWE-79 copyparty Reflected XSS via Filter Parameter
### Summary
Unauthenticated reflected Cross-Site Scripting when accessing the recent-uploads URL with the `filter` parameter containing JavaScript code.
### Details
When accessing the recent uploads page at `/?ru`, users can filter the results using an input field at the top. This field appends a `filter` parameter to the URL, and the server reflects its value directly into a `<script>` block without proper escaping, so the value is parsed as JavaScript code rather than treated as data.
This vulnerability allows reflected Cross-Site Scripting (XSS) and can be exploited against both authenticated and unauthenticated users, enabling unwanted actions in the victim's browser.
### PoC
A URL like this will execute `alert(1)`:
```
https://127.0.0.1:3923/?ru&filter=alert(1)
```
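The reflection described above, as an added illustration that is not copyparty's own code: the unsafe pattern (raw parameter concatenated into a `<script>` block) beside a serialization that keeps the value inside a JavaScript string literal, plus the separate escaping needed when the same value is echoed back into the input field's attribute. The variable name `filt` and the HTML templates are assumptions.

```python
import html
import json

# Constructed sample input: the filter value from the advisory's PoC URL.
FILTER_PAYLOAD = "alert(1)"


def render_vulnerable(filter_value: str) -> str:
    """Pre-1.18.7 pattern as the advisory describes it (template assumed):
    the query parameter is dropped into a <script> block verbatim, so the
    browser parses it as JavaScript code, not as a string."""
    return "<script>var filt = " + filter_value + ";</script>"


def js_string_literal(value: str) -> str:
    """Serialize a value as a JavaScript string literal that is safe inside
    a <script> block. json.dumps quotes the value and escapes quotes,
    backslashes, control characters and (with ensure_ascii=True, the
    default) every non-ASCII code point including U+2028/U+2029. The extra
    replacements defeat the HTML parser, which would otherwise end the
    script element at a literal "</script" or start a comment at "<!--"
    even though both sit inside a JavaScript string."""
    literal = json.dumps(value)
    return literal.replace("</", "<\\/").replace("<!--", "<\\!--")


def render_fixed(filter_value: str) -> str:
    """Same template, but the value is embedded as data, never as code."""
    return "<script>var filt = " + js_string_literal(filter_value) + ";</script>"


def render_input(filter_value: str) -> str:
    """The filter box itself echoes the value in an HTML attribute, which is
    a different context: here HTML entity escaping (quotes included) is the
    correct treatment, and JSON encoding would be wrong."""
    return '<input name="filter" value="' + html.escape(filter_value, quote=True) + '">'


if __name__ == "__main__":
    print(render_vulnerable(FILTER_PAYLOAD))   # alert(1) runs as code
    print(render_fixed(FILTER_PAYLOAD))        # "alert(1)" is an inert string
    print(render_fixed("</script><script>alert(1)</script>"))
    print(render_input('"><img src=x onerror=alert(1)>'))
```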
OSV
copyparty Reflected XSS via Filter Parameter
osv·2025-07-31
CVE-2025-54589 [MEDIUM] copyparty Reflected XSS via Filter Parameter
No detection rules found.
Exploit-DB
Gandia Integra Total 4.4.2236.1 - SQL Injection
exploitdb·2025-08-03·CVSS 8.7
CVE-2025-41373 [HIGH] Gandia Integra Total 4.4.2236.1 - SQL Injection
---
```c
/*
 * Author : Byte Reaper
 * CVE : CVE-2025-41373
 * Vulnerability : SQL
 * Affected Path : /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=
 * Affected Versions : 2.1.2217.3 to v4.4.2236.1
 * Description:
 * This endpoint concatenates the `idestudio` parameter directly into an SQL query
 * without proper sanitization or parameterization, allowing an attacker to inject
 * arbitrary SQL. We leverage both boolean-based and time-based techniques to detect.
 */
#include
#include
#include
#include "argparse.h"
#include
#include
#include
#define FULL_URL 4300
int verbose = 0;
int useC = 0;
const char *url = NULL;
const char *cookies = NULL;
void sleepSyscall(void)
{
struct timespec sleepR;
sleepR.tv_sec = 1;
sleepR.tv_n
```
Exploit-DB
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
exploitdb·2025-08-03·CVSS 6.3
CVE-2025-54589 [MEDIUM] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
---
```c
/*
 * Author : Byte Reaper
 * CVE : CVE-2025-54589
 * Title : Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
 * CVE-2025-54589 is a reflected cross-site scripting (XSS) vulnerability in Copyparty (≤ 1.18.6) where the filter parameter is inserted into the HTML response without proper sanitization,
 * allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser
 */
#include
#include
#include
#include
#include
#include "argparse.h"
#include
#include
#include
#include
#define FULL_URL 2500
#define COLOR_RESET "\e[0m"
#define COLOR_RED "\e[1;31m"
#define COLOR_GRN "\e[1;32m"
#define COLOR_YEL "\e[1;33m"
#define COLOR_BLU "\e[1;34m"
#define COLOR_CYN "\e[1;36m"
#define COLOR_WHT "\e[1;37m"
#define COLOR_PUR
```
Nuclei
Copyparty <=1.18.6 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2025-54589 [MEDIUM] Copyparty <=1.18.6 - Cross-Site Scripting
```yaml
        words:
          - 'Copyparty alert(document.domain)'
          - 'control-panel'
        condition: and
      - type: word
        part: content_type
        words:
          - text/html
      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a59c730936fe8f8841c97627fc1a6fa48c2f183aef6de1f36038b6b794ca8b920221009e8fcbe4ca5731253aa7e77cbd06766024e5856179d2f0c1b3dfe52031e46ec8:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.