GHSA-cw7j-v52w-fp5r: 
Python vulnerability analysis and mitigation

A reflected cross-site scripting (XSS) vulnerability was discovered in copyparty's web interface through the URL parameter '?hc='. The vulnerability was identified and tracked as GHSA-cw7j-v52w-fp5r, affecting versions below 1.8.6. The issue was disclosed and patched on July 21, 2023, with a CVSS score of 6.3 (Moderate severity) (GitHub Advisory).

The vulnerability exists in the web interface where user input from the '?hc=' URL parameter was not properly sanitized, allowing for reflected XSS attacks. The vulnerability has been assigned a CVSS v3.1 base score of 6.3 with the following metrics: Network attack vector, Low attack complexity, No privileges required, User interaction Required, Unchanged scope, and Low impact on Confidentiality, Integrity, and Availability. The vulnerability is classified as CWE-79 (GitHub Advisory).

If successfully exploited, the vulnerability could allow attackers to execute malicious JavaScript code in the context of the victim's browser session. The worst-case scenario includes the ability to move or delete existing files on the server, or upload new files, using the compromised user's account (Security Advisory).

The vulnerability was patched in version 1.8.6. Users are recommended to upgrade to this version or later. For those using a reverse proxy, logs can be checked for potential exploitation by searching for URLs containing '?hc=' with '<' in its value using the command: '(gzip -dc access.log.gz; cat access.log) | sed -r 's/" [0-9]+ .*//' | grep -E '?&=.[<>]'. It is also recommended to change copyparty account passwords unless logs have been inspected and confirmed clean (Release Notes).