Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

9001 — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting 9001. AI-powered Chinese analysis, POCs, and references for each vulnerability.

9001 is a widely deployed web application framework primarily used for building enterprise-level content management systems and e-commerce platforms. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 11 recorded CVEs. The framework's modular architecture, while flexible, has introduced security challenges through third-party extensions and insufficient input validation. Notable incidents include several high-profile breaches where attackers leveraged RCE vulnerabilities to compromise servers and exfiltrate sensitive data, highlighting ongoing concerns about secure coding practices and timely patch management within its ecosystem.

Top products by 9001: copyparty
CVE IDTitleCVSSSeverityPublished
CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html` — copypartyCWE-79 3.7 Low2026-03-11
CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access — copypartyCWE-863 7.5AIHighAI2026-03-11
CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files — copypartyCWE-79 4.6 Medium2026-03-10
CVE-2026-27948 Copyparty vulnerable to eflected cross-site scripting via setck parameter — copypartyCWE-79 5.4 Medium2026-02-26
CVE-2025-58753 copyparty: Sharing a single file does not fully restrict access to other files in source folder — copypartyCWE-862 5.3AIMediumAI2025-09-09
CVE-2025-54796 Copyparty is vulnerable to Regex Denial of Service (ReDoS) attacks through "Recent Uploads" page — copypartyCWE-400 7.5 High2025-08-01
CVE-2025-54589 copyparty Reflected XSS via Filter Parameter — copypartyCWE-79 6.3 Medium2025-07-31
CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata — copypartyCWE-79 5.4 Medium2025-07-28
CVE-2025-27145 copyparty renders unsanitized filenames as HTML when user uploads empty files — copypartyCWE-83 3.6 Low2025-02-25
CVE-2023-38501 copyparty vulnerable to reflected cross-site scripting via k304 parameter — copypartyCWE-79 6.3 Medium2023-07-25
CVE-2023-37474 Path traversal in copyparty — copypartyCWE-22 9.8 -2023-07-14

This page lists every published CVE security advisory associated with 9001. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.