CVE-2023-38501

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 25, 2023

Updated: Aug 2, 2023

CWE ID 79

Summary

CVE-2023-38501 affects the copyparty file server software. This vulnerability allows an attacker to carry out reflected cross-site scripting through URL parameters "?k304=" and "?setck=". The consequences of this attack can be severe, enabling the attacker to delete or move existing files, upload new files, or impersonate users. It is strongly advisable to update to copyparty version 1.8.7, which includes a patch for this weakness, and to change passwords for copyparty accounts if there is no evidence of prior attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Copyparty Project Copyparty

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCS8pX
https://www.cve.org/CVERecord?id=CVE-2023-38501
https://nvd.nist.gov/vuln/detail/CVE-2023-38501

Back to Vulnerability Database

CVE-2023-38501

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations