Описание
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.0.14 (исключая)
cpe:2.3:a:seafile:seafile:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00038
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
debian
2 месяца назад
A stored Cross-Site Scripting (XSS) vulnerability has been found in Se ...
CVSS3: 6.1
github
2 месяца назад
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.
EPSS
Процентиль: 11%
0.00038
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79