Home > Vulnerability Database > WS-2023-0255

Mend.io Vulnerability Database

WS-2023-0255

Good to know:

Date: August 19, 2025

Reflected cross-site scripting via hc parameter in copyparty prior to 1.8.6. The vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link.

Language: Python

Severity Score

6.3

Related Resources (5)

Url: https://github.com/9001/copyparty/commit/0778da6c4d04de870c61f970763a7b619094093c

Url: https://github.com/9001/copyparty

Url: https://github.com/9001/copyparty/releases/tag/v1.8.6

Url: https://github.com/9001/copyparty/security/advisories/GHSA-cw7j-v52w-fp5r

Url: https://www.mend.io/vulnerability-database/WS-2023-0255

Severity Score

6.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0255

Good to know:

Date: August 19, 2025

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?