Home > Vulnerability Database > WS-2023-0255

Mend.io Vulnerability Database

WS-2023-0255

Good to know:

Date: July 21, 2023

Reflected cross-site scripting via hc parameter in copyparty prior to 1.8.6. The vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link.

Language: Python

Severity Score

6.3

Related Resources (2)

Url: https://github.com/9001/copyparty/commit/0778da6c4d04de870c61f970763a7b619094093c

Url: https://www.mend.io/vulnerability-database/WS-2023-0255

Severity Score

6.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version copyparty - 1.8.6

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0255

Good to know:

Date: July 21, 2023

Language: Python

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?