Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seafile vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-28873
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows malicious users to inject JavaScript into the Markdown editor.
Seafile Seafile 9.0.6
6.1
CVSSv3
CVE-2023-28874
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows malicious users to redirect users to arbitrary sites.
Seafile Seafile 9.0.6
5.9
CVSSv3
CVE-2021-43820
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server ...
Seafile Seafile Server
5.4
CVSSv3
CVE-2021-30146
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
Seafile Seafile 7.0.5
1 Github repository
7.8
CVSSv3
CVE-2020-16143
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.
Seafile Seafile-client 7.0.8
7.5
CVSSv3
CVE-2013-7469
Seafile up to and including 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Seafile Seafile
7.5
CVSSv3
CVE-2019-8919
The seadroid (aka Seafile Android Client) application up to and including 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
Seafile Seadroid
7.8
CVSSv3
CVE-2014-5443
Seafile Server prior to 3.1.2 and Server Professional Edition prior to 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
Seafile Seafile Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started