Vulnerabilities > Seafile
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-09 | CVE-2023-28873 | Cross-site Scripting vulnerability in Seafile 9.0.6: An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. | 5.4 |
2023-12-09 | CVE-2023-28874 | Open Redirect vulnerability in Seafile 9.0.6: The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | 6.1 |
2021-12-14 | CVE-2021-43820 | Unspecified vulnerability in Seafile Server: Seafile is an open source cloud storage system. | 5.9 |
2021-04-06 | CVE-2021-30146 | Cross-site Scripting vulnerability in Seafile 7.0.5: Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | 5.4 |
2020-07-29 | CVE-2020-16143 | Uncontrolled Search Path Element vulnerability in Seafile Seafile-Client 7.0.8: The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. | 7.8 |
2019-02-21 | CVE-2013-7469 | Inadequate Encryption Strength vulnerability in Seafile: Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 7.5 |
2019-02-18 | CVE-2019-8919 | Use of Insufficiently Random Values vulnerability in Seafile Seadroid: The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 7.5 |
2018-03-19 | CVE-2014-5443 | Permissions, Privileges, and Access Controls vulnerability in Seafile Server: Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts. | 7.8 |