6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
0.002 Low
EPSS
Percentile
59.5%
copyparty is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validation in the ?k304=
and ?setck=
parameters which allows an attacker to inject and execute arbitrary JavaScript into the browser.
packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.html
github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38
github.com/9001/copyparty/releases/tag/v1.8.7
github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh
github.com/advisories/GHSA-f54q-j679-p9hh