Unrated severityNVD Advisory· Published Aug 29, 2025· Updated Nov 3, 2025

CVE-2023-41471

Description

Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKEND-PLANS is accessible only to actors who already have write access to the server, and they can more simply upload HTML files containing JavaScript.

Affected products

copyparty/copypartydescription
Copyparty/Copypartyllm-fuzzy
Range: <1.9.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/9001/copyparty/releases/tag/v1.9.2mitre
github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/copyparty.mdmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000