Seafile: >> Seafile Security Vulnerabilities
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-12-09
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-12-09
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
CVSS Score
5.4
EPSS Score
0.005
Published
2021-04-06
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-02-21