Gabdevele

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages

**Name of the Vulnerable Software and Affected Versions** Seafile versions prior to 13.0.17 Seafile versions prior to 13.0.17-pro Seafile versions prior to 12.0.20-pro Seafile versions 13.0.15 through 13.0.16-pro Seafile versions 12.0.14 and earlier **Description** The application does not properly sanitize WebSocket messages related to document structure updates within the Seadoc (sdoc) editor. This allows authenticated remote attackers to inject malicious JavaScript payloads through the `src` attribute of embedded Excalidraw whiteboards or the `href` attribute of anchor tags. **Recommendations** Update to Seafile version 13.0.17. Update to Seafile version 13.0.17-pro. Update to Seafile version 12.0.20-pro.

**Name of the Vulnerable Software and Affected Versions** AFFiNE versions prior to 0.26.0 **Description** AFFiNE, an open-source workspace and operating system, contains an Open Redirect flaw in the `/redirect-proxy` endpoint. The issue stems from a flawed domain validation process, where a Regular Expression lacking proper anchoring allows attackers to circumvent the domain whitelist by utilizing malicious domains that conclude with a trusted string. **Recommendations** Update to version 0.26.0 or later.