CVE-2023-41471
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 9001 | copyparty | 1.9.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-41471 is a Cross Site Scripting (XSS) vulnerability in copyparty version 1.9.1. It allows a local attacker to execute arbitrary code by sending a specially crafted payload to the WEEKEND-PLANS function within the software. This means that an attacker with local access can inject malicious scripts that the application will execute, potentially compromising the system or user data.
How can this vulnerability impact me? :
This vulnerability can have a high impact as it allows an attacker to execute arbitrary code with the privileges of the application. According to the CVSS score of 7.8, it can lead to complete compromise of confidentiality, integrity, and availability of the affected system. An attacker could manipulate files, steal sensitive information, disrupt services, or further escalate privileges within the copyparty file server environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability could negatively affect compliance with standards like GDPR and HIPAA because it risks unauthorized access and manipulation of sensitive data stored or managed by copyparty. Since copyparty supports GDPR compliance features, exploitation of this vulnerability could lead to data breaches or unauthorized data processing, which are violations of these regulations. Therefore, it is important to address this vulnerability to maintain compliance. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in copyparty v1.9.1, immediately restrict access to the WEEKEND-PLANS function and ensure proper configuration of accounts and volumes to avoid default read/write access to everyone. Consider updating copyparty to a patched version once available. Additionally, run the server with appropriate sandboxing options (such as bubblewrap or chroot) and configure IP-based authentication and permissions to limit exposure. Avoid exposing the server directly to untrusted networks without proper access controls. [1]