VYPR
Medium severity5.4NVD Advisory· Published Sep 15, 2025· Updated Jun 17, 2026

CVE-2025-45091

CVE-2025-45091

Description

Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.