CVE-2026-30587
- EPSS 0.05%
- Veröffentlicht 25.03.2026 00:00:00
- Zuletzt bearbeitet 31.03.2026 18:56:49
Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages ...
CVE-2025-65516
- EPSS 0.07%
- Veröffentlicht 04.12.2025 16:16:22
- Zuletzt bearbeitet 11.12.2025 18:16:47
A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript ...
CVE-2021-43820
- EPSS 0.31%
- Veröffentlicht 14.12.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:51
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client o...
CVE-2014-5443
- EPSS 0.06%
- Veröffentlicht 19.03.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:12:03
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.