Skip to main content

Seafile

5 CVEs product

Monthly

CVE-2025-41080 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

XSS RCE Debian Seafile Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-41079 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

XSS RCE Debian Seafile Red Hat
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-28874 MEDIUM POC This Month

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Seafile
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28873 MEDIUM POC This Month

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seafile
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-30146 MEDIUM This Month

Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seafile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

XSS RCE Debian +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

XSS RCE Debian +2
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Seafile
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seafile
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seafile
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy