Vulnerabilities > Seafile

DATE CVE VULNERABILITY TITLE RISK
2023-12-09 CVE-2023-28873 Cross-site Scripting vulnerability in Seafile 9.0.6
An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.
network
low complexity
seafile CWE-79
5.4
2023-12-09 CVE-2023-28874 Open Redirect vulnerability in Seafile 9.0.6
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
network
low complexity
seafile CWE-601
6.1
2021-12-14 CVE-2021-43820 Unspecified vulnerability in Seafile Server
Seafile is an open source cloud storage system.
network
high complexity
seafile
5.9
2021-04-06 CVE-2021-30146 Cross-site Scripting vulnerability in Seafile 7.0.5
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."
network
low complexity
seafile CWE-79
5.4
2020-07-29 CVE-2020-16143 Uncontrolled Search Path Element vulnerability in Seafile Seafile-Client 7.0.8
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.
local
low complexity
seafile CWE-427
7.8
2019-02-21 CVE-2013-7469 Inadequate Encryption Strength vulnerability in Seafile
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
network
low complexity
seafile CWE-326
7.5
2019-02-18 CVE-2019-8919 Use of Insufficiently Random Values vulnerability in Seafile Seadroid
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
network
low complexity
seafile CWE-330
7.5
2018-03-19 CVE-2014-5443 Permissions, Privileges, and Access Controls vulnerability in Seafile Server
Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.
local
low complexity
seafile CWE-264
7.8