CVE-2025-41080

Published: 04 Dec 2025
Source: redhat
CVSS3: 6.1

Description

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads via the POST parameter 'p' in '/api/v2.1/repos/{repo_id}/file/'.

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads via the POST parameter 'p' in '/api/v2.1/repos/{repo_id}/file/', leading to a stored Cross-Site Scripting (XSS).

Report

This vulnerability is rated Moderate for Red Hat products. A stored Cross-Site Scripting (XSS) flaw in Seafile allows an attacker to execute arbitrary code in a victim's browser by injecting malicious payloads into files. This affects Red Hat Community Projects, specifically Seafile on Fedora 42 and Fedora 43.

Mitigation

Restrict network access to the Seafile service to trusted networks and users. Configure firewall rules to limit inbound connections to the ports used by Seafile. For example, using firewalld, specific ports can be restricted to source IP addresses or zones. Applying these network restrictions may require reloading the firewall service.
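
The firewalld restriction described above, as an added example that is not part of the advisory or of Seafile: it closes a port in a zone and re-opens it only for one source range through a rich rule, then reloads. The zone, the source range `192.0.2.0/24`, the port `443/tcp` and the function names are assumptions to replace with your deployment's values.

```shell
#!/bin/sh
# Added example: limit a Seafile port to one trusted source with firewalld.
# Assumptions (not from the advisory): zone, source range and port below.
ZONE="${ZONE:-public}"                      # zone the service port is open in
TRUSTED_SRC="${TRUSTED_SRC:-192.0.2.0/24}"  # constructed documentation range
PORTS="${PORTS:-443/tcp}"                   # placeholder: ports your Seafile uses
FW="${FW:-echo firewall-cmd}"               # dry run; set FW=firewall-cmd to apply

# Build the rich rule that accepts one port only from the trusted source.
rich_rule() {  # $1=source CIDR  $2=port  $3=protocol
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$1" "$2" "$3"
}

# Close the port for everyone in the zone, then re-open it for the source only.
restrict_port() {  # $1=zone  $2=source CIDR  $3=port/protocol
    port=${3%/*}; proto=${3#*/}
    case "$port" in ''|*[!0-9]*) echo "bad port: $3" >&2; return 2 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $3" >&2; return 2 ;; esac
    case "$2" in ''|*[!0-9./]*) echo "bad source: $2" >&2; return 2 ;; esac
    # If the port is open through a service entry, remove that service instead.
    $FW --permanent --zone="$1" --remove-port="$3" &&
    $FW --permanent --zone="$1" --add-rich-rule="$(rich_rule "$2" "$port" "$proto")"
}

seafile_restrict() {
    for p in $PORTS; do
        restrict_port "$ZONE" "$TRUSTED_SRC" "$p" || return $?
    done
    $FW --reload   # permanent rules take effect only after a reload
}

if [ "${1:-}" = "run" ]; then seafile_restrict; fi
```

Invoked with `run` as its first argument the script prints the commands it would issue; exporting `FW=firewall-cmd` and running it as root applies them.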

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2418784 seafile: Seafile: Stored Cross-Site Scripting (XSS) vulnerability allows arbitrary code execution

6.1 Medium (CVSS3)

Related vulnerabilities

CVSS3: 6.1
nvd
4 months ago

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads via the POST parameter 'p' in '/api/v2.1/repos/{repo_id}/file/'.

CVSS3: 6.1
debian
4 months ago

A stored Cross-Site Scripting (XSS) vulnerability has been found in Se ...

CVSS3: 6.1
github
4 months ago

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads via the POST parameter 'p' in '/api/v2.1/repos/{repo_id}/file/'.