CVE-2023-41471

High CVSS: 7.8

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

Vendor

9001

Product

Copyparty

CWE

CWE-79

Yayın Tarihi

2025-08-29 19:15:32

Güncelleme

2025-11-03 06:15:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Copyparty HIGH 9001 2025

Referanslar

https://github.com/9001/copyparty https://github.com/9001/copyparty/releases/tag/v1.9.2 https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/copyparty.md

Benzer Kayıtlar

Low

CVE-2026-32108

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the s…

Low

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to…

Medium

CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of Java…

Medium

CVE-2026-27948

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via U…

Medium

CVE-2025-58753

Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares fea…

High

CVE-2025-54796

Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows…