Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Seafile Server 安全漏洞
Vulnerability Description
Seafile Server是Seafile开源的一个提供文件同步、共享与协作管理功能的私有云存储服务器软件。 Seafile Server 13.0.15版本、13.0.16-pro版本、12.0.14及之前版本存在安全漏洞,该漏洞源于Seadoc编辑器未能正确清理WebSocket消息,可能导致经过身份验证的远程攻击者注入恶意JavaScript有效载荷。
CVSS Information
N/A
Vulnerability Type
N/A