← Retour aux CVEs
CVE-2023-41471
HIGH7.8
Description
Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie8/29/2025
Derniere modification11/3/2025
Sourcenvd
Observations honeypot0
Produits affectes
9001:copyparty
Faiblesses (CWE)
CWE-79
References
https://github.com/9001/copyparty(cve@mitre.org)
https://github.com/9001/copyparty/releases/tag/v1.9.2(cve@mitre.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.