CNNVD-202509-2001 Information
CNNVD ID
CNNVD-202509-2001
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Seafile是中国海文互知网络技术(Seafile)公司的一款开源的企业云盘。该产品具有Markdown WYSIWYG编辑,Wiki,文件标签等功能。 Seafile 11.0.18-Pro版本、12.0.10版本和12.0.10-Pro版本存在安全漏洞,该漏洞源于修改用户名时可嵌入恶意XSS有效载荷,可能导致存储型跨站脚本攻击。
Description (English)
Seafile is an open-source enterprise of Seafile, China. The product has the functions of Markdown WYSIWYG Editor, Wiki, Document Label, etc. There is a security loophole in the Seafile 11.0.18-Pro version, 12.0.10-Pro version and 12.0.10-Pro version, which stems from the fact that a malicious XSS payload may be embedded in the modification of the user name and may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
SEAT
Published
2025-09-15
Last Modified
2026-02-24
References
https://plus.seafile.com/wiki/publish/seafile-wiki/txzO/ https://access.redhat.com/security/cve/cve-2025-45091
Patch
https://www.seafile.com/en/download/
Share on: