← voltar
CVE-2025-65516

CVE-2025-65516

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79
A stored cross-site scripting (XSS) vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the link triggers script execution in the victim's browser. This issue has been fixed in Seafile Community Edition 13.0.12.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/x0root/e5597622fede55b320d29a248dce01e6https://manual.seafile.com/latest/changelog/server-changelog/