Cross Site Scripting Vulnerability in Copyparty by Trinity SYT Security
CVE-2023-41471

7.8HIGH

Key Information:

Vendor: Trinity SYT Security
Status: Copyparty
Vendor: CVE Published:; 29 August 2025

🔔 Create Trinity SYT Security Vulnerability Alert

What is CVE-2023-41471?

The Copyparty application, particularly version 1.9.1, is susceptible to a Cross Site Scripting (XSS) vulnerability. This flaw allows a local attacker to craft a malicious payload targeting the WEEKEND-PLANS function, which can lead to the execution of arbitrary code. Attackers can exploit this vulnerability to manipulate user sessions and gain unauthorized access to sensitive data.

References

https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/bl...

https://github.com/9001/copyparty

https://github.com/9001/copyparty/releases/tag/v1.9.2

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Aug 30, 2023

CVE-2023-41471 Data

JSON