PT-2023-33011 · Copyparty · Copyparty

Published: 2023-07-21 · Updated: 2023-07-21

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: copyparty (affected versions not specified)
Description: A reflected cross-site scripting vulnerability exists in the web interface of the application, allowing an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. The worst-case outcome is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. This can be achieved through the URL parameter ?hc=... or ?pw=... with malicious input, such as <script>alert(1);</script>.
Recommendations: To mitigate this issue, it is recommended to change the passwords of your copyparty accounts, unless you have inspected your logs and found no trace of attacks. Additionally, if copyparty is running behind a reverse proxy, you can check the access logs for traces of attacks by grepping for URLs containing ?hc= or ?pw= with < somewhere in their values. As a temporary workaround, consider restricting access to the ?hc and ?pw parameters in the URL until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
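The log check recommended above, as an added example that is not part of the original advisory or of the copyparty project: it scans reverse-proxy access-log lines in the common nginx/Apache format, isolates the request target, and reports any ?hc= or ?pw= value that contains < once percent-decoding is applied. It goes slightly beyond a literal grep for <, because a browser normally sends the character as %3C (and a double-encoded request as %253C), which a plain text match would miss. The sample log lines, the IP addresses and the `scan_access_log` / `suspicious_values` names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters named in the advisory as reflected into the page unescaped.
SUSPECT_PARAMS = ("hc", "pw")

# Request line inside a common/combined-format access log entry.
LOG_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_values(request_target):
    """Return [(param, decoded_value)] for hc/pw values that contain '<'.

    parse_qsl already applies one round of percent-decoding; a second
    unquote() catches double-encoded input such as %253C.
    """
    parts = urlsplit(request_target)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in SUSPECT_PARAMS:
            continue
        decoded = unquote(value)
        if "<" in decoded:
            hits.append((name, decoded))
    return hits


def scan_access_log(lines):
    """Return [(line_number, hits)] for log lines whose request target is suspicious."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = LOG_LINE_RE.search(line)
        if not match:
            continue  # not a request line we understand; skip it
        hits = suspicious_values(match.group("target"))
        if hits:
            findings.append((lineno, hits))
    return findings


# Constructed sample log lines (not real traffic): a benign hc value, a
# percent-encoded script tag in pw, a double-encoded tag in hc, and a
# '<' in an unrelated parameter that must not be reported.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jul/2023:10:00:01 +0000] "GET /?hc=abc HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Jul/2023:10:00:02 +0000] "GET /?pw=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Jul/2023:10:00:03 +0000] "GET /files/?hc=%253Cb%253E HTTP/1.1" 200 512 "-" "curl/8.1"',
    '198.51.100.7 - - [21/Jul/2023:10:00:04 +0000] "GET /?search=%3Cb%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, hits in scan_access_log(SAMPLE_LOG):
        for name, value in hits:
            print(f"line {lineno}: parameter {name!r} carries {value!r}")
```

Run it against a real access log with `scan_access_log(open("access.log"))`; any finding means the corresponding account password should be rotated as the advisory recommends, since the request may have executed in a logged-in user's browser.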

XSS

Weakness Enumeration

Related Identifiers

GHSA-CW7J-V52W-FP5R

Affected Products

Copyparty