CVE-2023-41471
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-11-03

Assigner: MITRE

Description
Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2023-41471
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
9001 copyparty 1.9.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-41471 is a Cross Site Scripting (XSS) vulnerability in copyparty version 1.9.1. It allows a local attacker to execute arbitrary code by sending a specially crafted payload to the WEEKEND-PLANS function within the software. This means that an attacker with local access can inject malicious scripts that the application will execute, potentially compromising the system or user data.

Impact Analysis

This vulnerability can have a high impact as it allows an attacker to execute arbitrary code with the privileges of the application. According to the CVSS score of 7.8, it can lead to complete compromise of confidentiality, integrity, and availability of the affected system. An attacker could manipulate files, steal sensitive information, disrupt services, or further escalate privileges within the copyparty file server environment.

Compliance Impact

The vulnerability could negatively affect compliance with standards like GDPR and HIPAA because it risks unauthorized access and manipulation of sensitive data stored or managed by copyparty. Since copyparty supports GDPR compliance features, exploitation of this vulnerability could lead to data breaches or unauthorized data processing, which are violations of these regulations. Therefore, it is important to address this vulnerability to maintain compliance. [1]

Mitigation Strategies

To mitigate the vulnerability in copyparty v1.9.1, immediately restrict access to the WEEKEND-PLANS function and ensure proper configuration of accounts and volumes to avoid default read/write access to everyone. Consider updating copyparty to a patched version once available. Additionally, run the server with appropriate sandboxing options (such as bubblewrap or chroot) and configure IP-based authentication and permissions to limit exposure. Avoid exposing the server directly to untrusted networks without proper access controls. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-41471. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart