Vulnerabilities (CVE)

Filtered by vendor Seafile Subscribe
Filtered by product Seafile
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28874 1 Seafile 1 Seafile 2024-11-21 N/A 6.1 MEDIUM
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
CVE-2023-28873 1 Seafile 1 Seafile 2024-11-21 N/A 5.4 MEDIUM
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
CVE-2021-30146 1 Seafile 1 Seafile 2024-11-21 3.5 LOW 5.4 MEDIUM
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
CVE-2013-7469 1 Seafile 1 Seafile 2024-11-21 5.0 MEDIUM 7.5 HIGH
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.