Описание
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.
A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parameter 'name' in '/api/v2.1/user/'.
Отчет
This vulnerability is rated Moderate for Red Hat as it is a stored Cross-Site Scripting (XSS) flaw in Seafile that allows an attacker to execute arbitrary code in a victim's browser. This affects Seafile in Fedora 42 and Fedora 43, which are community projects.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Дополнительная информация
Статус:
6.1 Medium
CVSS3
Связанные уязвимости
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.
A stored Cross-Site Scripting (XSS) vulnerability has been found in Se ...
A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.
6.1 Medium
CVSS3