VYPR
Vendor: Seafile

Products: 1
CVEs: 10
Across products: 10
Status: Private

Recent CVEs (10)

  • CVE-2014-5443 | High | Mar 19, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    Seafile Server before 3.1.2 and Server Professional Edition before 3.1.0 allow local users to gain privileges via vectors related to ccnet handling user accounts.

  • CVE-2026-30587 | High | Mar 25, 2026
    risk 0.50 | cvss 8.7 | epss 0.00

    Multiple stored XSS vulnerabilities exist in Seafile Server versions 13.0.15, 13.0.16-pro, 12.0.14 and prior, fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure…

  • CVE-2025-45091 | Medium | Sep 15, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities.

  • CVE-2025-41080 | Dec 4, 2025
    risk 0.00 | cvss | epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the POST parameter 'p' in '/api/v2.1/repos/{repo_id}/file/'.

  • CVE-2025-41079 | Dec 4, 2025
    risk 0.00 | cvss | epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the PUT parameter 'name' in '/api/v2.1/user/'.

  • CVE-2023-28873 | Dec 9, 2023
    risk 0.00 | cvss | epss 0.00

    An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.

  • CVE-2023-28874 | Dec 9, 2023
    risk 0.00 | cvss | epss 0.00

    The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

  • CVE-2021-30146 | Apr 6, 2021
    risk 0.00 | cvss | epss 0.01

    Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality."

  • CVE-2020-16143 | Jul 29, 2020
    risk 0.00 | cvss | epss 0.00

    The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory.

  • CVE-2013-7469 | Feb 21, 2019
    risk 0.00 | cvss | epss 0.01

    Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.