Home > Vulnerability Database > CVE-2023-38501

Mend.io Vulnerability Database

CVE-2023-38501

Good to know:

Date: July 25, 2023

copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.

Language: Python

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38501

Url: http://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.html

Url: https://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38

Url: https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh

Url: https://www.mend.io/vulnerability-database/CVE-2023-38501

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version copyparty - 1.8.7

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38501

Good to know:

Date: July 25, 2023

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?