mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 00:52:16 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix GHSA-9q4r-x2hj-jmvr ;

Browse source 
this fixes a DOM-Based XSS when rendering multimedia metadata

assuming the media-indexing option is enabled, a malicious media file
could be uploaded to the server by a privileged user, executing
arbitrary javascript on anyone visiting and viewing the directory

the same vulnerability could also be triggered through an
externally-hosted m3u file, by tricking a user into
clicking a link to load and play this m3u file

huge thanks to @altperfect for finding and reporting this!
This commit is contained in:
ed 2025-07-27 22:56:38 +00:00
parent 6bb27e6091
commit 895880aeb0
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
copyparty/web/browser.js
View file

@ -7464,7 +7464,7 @@ var search_ui = (function () {
nodes = ['<tr><td>-</td><td><div>' + links + '</div>', sz];
for (var b = 0; b < tagord.length; b++) {
var k = tagord[b],
var k = esc(tagord[b]),
v = r.tags[k] || "";
if (k == ".dur") {
@ -7473,7 +7473,7 @@ var search_ui = (function () {
continue;
}
nodes.push(v);
nodes.push(esc('' + v));
}
nodes = nodes.concat([ext, unix2iso(ts)]);
@ -8362,7 +8362,7 @@ var treectl = (function () {
top + tn.href + '" id="' + id + '">' + hname + '</a>', tn.sz];
for (var b = 0; b < res.taglist.length; b++) {
var k = res.taglist[b],
var k = esc(res.taglist[b]),
v = (tn.tags || {})[k] || "",
sv = null;
@ -8371,7 +8371,7 @@ var treectl = (function () {
else if (k == ".up_at")
sv = v ? unix2iso(v) : "";
else {
ln.push(v);
ln.push(esc('' + v));
continue;
}
ln[ln.length - 1] += '</td><td sortv="' + v + '">' + sv;