Vulnerabilities > Seafile > Seafile
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-09 | CVE-2023-28873 | Cross-site Scripting vulnerability in Seafile 9.0.6 An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. | 5.4 |
| 2023-12-09 | CVE-2023-28874 | Open Redirect vulnerability in Seafile 9.0.6 The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | 6.1 |
| 2021-04-06 | CVE-2021-30146 | Cross-site Scripting vulnerability in Seafile 7.0.5 Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | 3.5 |
| 2019-02-21 | CVE-2013-7469 | Inadequate Encryption Strength vulnerability in Seafile Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 5.0 |