EUVD-2025-201154

ID: EUVD-2025-201154

Severity: medium

CVSS v4: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

Timestamps

Normalized: 2025-12-31T11:32:43Z UTC
Last updated: 2025-12-31T11:32:07Z UTC

References

No references provided.

VulnAI

EUVD-2025-201154

Description

Timestamps

References