CVE-2023-41471
CVE-2023-41471 affects copyparty prior to 1.9.2, enabling Cross-Site Scripting via the WEEKEND-PLANS function. The vulnerability is exploitable by a local attacker (with write access) and can lead to arbitrary code execution in the user's browser. Some sources note debate over the practical impac...