4 matches found
CVE-2023-41471
Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can...
CVE-2023-41471
Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can...
CVE-2023-41471
CVE-2023-41471 affects copyparty prior to 1.9.2, enabling Cross-Site Scripting via the WEEKEND-PLANS function. The vulnerability is exploitable by a local attacker (with write access) and can lead to arbitrary code execution in the user's browser. Some sources note debate over the practical impac...
PT-2025-35301
Name of the Vulnerable Software and Affected Versions: copyparty version 1.9.1 Description: A Cross Site Scripting issue exists in copyparty version 1.9.1. A local attacker can execute arbitrary code by using a crafted payload targeting the WEEKEND-PLANS function. Recommendations: Update to a new...