CVE-2023-38501
published 2023-07-25CVE-2023-38501: copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and…
PriorityP343medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
6.19%
92.6th percentile
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 9001 | copyparty | < 1.8.7 | 1.8.7 |
| 9001 | copyparty | >= 0 < 007d948cb982daa05bc6619cd20ee55b7e834c38 | 007d948cb982daa05bc6619cd20ee55b7e834c38 |
| 9001 | copyparty | >= 0 < 1.8.7 | 1.8.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect exploitation attempts by matching HTTP requests containing CRLF injection (%0D%0A) in the k304 or setck URL parameters, combined with HTML tag injection patterns. ↗
- →Use Nuclei matcher logic: HTTP 200 response, content-type text/html, and body containing both the injected img tag and the string '">go to' to confirm reflected XSS execution. ↗
- →Identify exposed copyparty instances via Shodan (title:"copyparty"), FOFA (title="copyparty"), or Google (intitle:"copyparty") for attack surface enumeration. ↗
- →Flag copyparty versions <= 1.8.6 as vulnerable; patch is present in version 1.8.7. ↗
- ·The XSS is reflected (not stored), requiring user interaction — a victim must click a crafted malicious link for exploitation to succeed. ↗
- ·Impact includes file manipulation (move, delete, upload) using the victim's authenticated session, not just cookie theft — scope of post-exploitation is broader than typical XSS. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2023-38501: copyparty is file server software
osv·2023-07-25
CVE-2023-38501 CVE-2023-38501: copyparty is file server software
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one have inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.
OSV
copyparty vulnerable to reflected cross-site scripting via k304 parameter
osv·2023-07-25
CVE-2023-38501 [MEDIUM] copyparty vulnerable to reflected cross-site scripting via k304 parameter
copyparty vulnerable to reflected cross-site scripting via k304 parameter
### Summary
The application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`
### Details
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link.
It is recommended to change the passwords of your copyparty accounts, unless you have inspected your logs and found no trace of attacks.
### Checking for exposure
if copyparty is running behind a re
GHSA
copyparty vulnerable to reflected cross-site scripting via k304 parameter
ghsa·2023-07-25
CVE-2023-38501 [MEDIUM] CWE-79 copyparty vulnerable to reflected cross-site scripting via k304 parameter
copyparty vulnerable to reflected cross-site scripting via k304 parameter
### Summary
The application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`
### Details
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link.
It is recommended to change the passwords of your copyparty accounts, unless you have inspected your logs and found no trace of attacks.
### Checking for exposure
if copyparty is running behind a re
No detection rules found.
Exploit-DB
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
exploitdb·2023-07-28·CVSS 6.3
CVE-2023-38501 [MEDIUM] copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
---
# Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
# Date: 23/07/2023
# Exploit Author: Vartamtezidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6
# Version: <=1.8.6
# Tested on: Debian Linux
# CVE : CVE-2023-38501
#Description
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.
Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
#POC
https://localhost:3923/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%
Nuclei
CopyParty v1.8.6 - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2023-38501 [MEDIUM] CopyParty v1.8.6 - Cross Site Scripting
CopyParty v1.8.6 - Cross Site Scripting
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
Template:
id: CVE-2023-38501
info:
name: CopyParty v1.8.6 - Cross Site Scripting
author: ctflearner,r3Y3r53
severity: medium
description: |
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
impact: |
Unauth
http://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.htmlhttps://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hhhttp://packetstormsecurity.com/files/173821/Copyparty-1.8.6-Cross-Site-Scripting.htmlhttps://github.com/9001/copyparty/commit/007d948cb982daa05bc6619cd20ee55b7e834c38https://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh
2023-07-25
Published