exploitDog

CVE-2023-41471

Опубликовано: 29 авг. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

Ссылки

https://github.com/9001/copyparty
Product
https://github.com/9001/copyparty/releases/tag/v1.9.2
https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/copyparty.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:9001:copyparty:1.9.1:*:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4mcf-c9v4-fpcr

CVSS3: 7.8

github

5 месяцев назад

Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.

EPSS

Процентиль: 6%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-79