Cyber Resilience

CVE-2023-38501

Medium · Public PoC

Published: 25 July 2023
Modified: 04 September 2025
KEV Added: not listed
Patch: version 1.8.7
CVSS v3.1 Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
EPSS Score: 0.7963 (99.1st percentile)
Risk Priority: 60 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-38501 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in 9001 Copyparty. Its CVSS base score is 6.3 (Medium).

Operationally, it ranks in the top 0.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

copyparty is an open-source file server application that was affected by a reflected cross-site scripting vulnerability in versions prior to 1.8.7. The flaw is triggered through the URL parameters ?k304=... and ?setck=..., allowing script injection that executes in the context of the victim’s session. It is tracked as CWE-79 with a CVSS 3.1 base score of 6.3.

An unauthenticated attacker can deliver a crafted link to a copyparty user; if the link is followed, the injected script can perform actions such as moving, deleting, or uploading files under the victim’s account. The attack requires user interaction but needs no prior authentication on the server.

The project’s GitHub security advisory and accompanying patch commit recommend upgrading to version 1.8.7. Administrators are also advised to rotate account passwords unless server logs have been inspected and show no evidence of exploitation. Public references include a PacketStorm proof-of-concept and the official advisory at GHSA-f54q-j679-p9hh.

The CVE carries an EPSS score that has reached a peak of 0.8111, indicating sustained exploitation interest after disclosure.

EU & UK References

Vulnerability details

copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting vulnerability via the URL parameters `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one has inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue.
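The advisory ties the password-rotation advice to whether server logs show any sign of attack. The following is an added example, not part of the advisory or the copyparty project: a small Python scanner that reads Combined Log Format access-log lines (a constructed sample is embedded), extracts the two parameters named above (`k304`, `setck`), and flags values containing HTML markup or script indicators, decoding the value a second time so that double-encoded input is not missed. The markup heuristic and the log format are assumptions for this example; adapt the regexes to the server's actual log layout.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters named in the advisory as the injection points.
WATCHED_PARAMS = {"k304", "setck"}

# Markup / script indicators that never belong in these flag-style values.
# Illustrative heuristic for this example, not a definitive rule set.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

# Combined Log Format request line (assumed layout), e.g.
# 203.0.113.10 - - [25/Jul/2023:10:00:01 +0000] "GET /?k304=y HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for this example; not real copyparty logs.
SAMPLE_LOG = """\
203.0.113.10 - - [25/Jul/2023:10:00:01 +0000] "GET /?k304=y HTTP/1.1" 200 512
203.0.113.11 - - [25/Jul/2023:10:00:02 +0000] "GET /?setck=ok HTTP/1.1" 200 512
203.0.113.12 - - [25/Jul/2023:10:00:03 +0000] "GET /?k304=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.13 - - [25/Jul/2023:10:00:04 +0000] "GET /?setck=%253Cb%253Ehi HTTP/1.1" 200 512
203.0.113.14 - - [25/Jul/2023:10:00:05 +0000] "GET /docs/readme.txt HTTP/1.1" 200 2048
"""


def flagged_params(target):
    """Return [(param, decoded_value)] for watched params whose value looks like markup.

    parse_qs percent-decodes once; the value is decoded a second time so that
    double-encoded input (%253C -> %3C -> <) is also caught.
    """
    query = urlsplit(target).query
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for raw in values:
            decoded = unquote(raw)  # second decoding pass
            if MARKUP_RE.search(raw) or MARKUP_RE.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(text):
    """Scan access-log text and return one finding per suspicious parameter value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        for name, value in flagged_params(m["target"]):
            findings.append(
                {"ip": m["ip"], "time": m["ts"], "param": name, "value": value}
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['param']}={f['value']!r}")
```

A hit is a reason to inspect the session and rotate credentials, not proof of compromise; a clean scan is only meaningful if logging covered the whole exposure window and requests were not served by a front-end that strips query strings from its logs.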

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: 9001
Product: copyparty
Versions: ≤ 1.8.7

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation. (addresses CWE-79)

Validates web inputs to reject script-related content that could produce XSS. (addresses CWE-79)

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability. (addresses CWE-79)
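To make the two code-level controls above concrete, here is an added example that is not copyparty's code: a toy handler that reflects a query parameter into HTML unescaped (the CWE-79 pattern) next to a hardened version applying input validation (an allow-list regex, a hypothetical policy chosen for this example) and output encoding with `html.escape`. A third function shows encoding alone, for contexts where the value must be reflected as given.

```python
import html
import re
from urllib.parse import parse_qs

# Illustrative allow-list for a short flag-style parameter value.
# Hypothetical policy for this example, not copyparty's actual validation rule.
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9_-]{0,32}$")


def get_param(query, name):
    """First value of a query-string parameter, or '' if absent."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(query):
    """Reflects the parameter into HTML without encoding: the CWE-79 pattern."""
    value = get_param(query, "k304")
    return f"<p>k304 set to {value}</p>"


def validate_input(value):
    """Input validation control: accept only the expected character set."""
    return SAFE_VALUE_RE.fullmatch(value) is not None


def render_hardened(query):
    """Input validation plus output encoding; either alone would neutralise markup."""
    value = get_param(query, "k304")
    if not validate_input(value):
        return "<p>invalid k304 value</p>"
    return f"<p>k304 set to {html.escape(value, quote=True)}</p>"


def encode_only(query):
    """Output encoding alone: angle brackets and quotes become entities."""
    value = get_param(query, "k304")
    return f"<p>k304 set to {html.escape(value, quote=True)}</p>"


if __name__ == "__main__":
    sample = "k304=%3Cscript%3E"  # constructed input containing markup
    print("vulnerable:", render_vulnerable(sample))
    print("hardened:  ", render_hardened(sample))
    print("encoded:   ", encode_only(sample))
```

Output encoding must match the context the value lands in (HTML body here); a value placed into a JavaScript string or an attribute without quotes needs a different encoder, which is why an allow-list on input is worth keeping even where encoding is already applied.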

References