Seafile · Seafile · CVE-2023-28874
**Name of the Vulnerable Software and Affected Versions**
Seafile version 9.0.6
**Description**
The issue allows attackers to redirect users to arbitrary sites through the `next` parameter in the "/accounts/login" endpoint.
**Recommendations**
For Seafile version 9.0.6, consider restricting access to the "/accounts/login" endpoint until a patch is available, or avoid using the `next` parameter in this endpoint to minimize the risk of exploitation.
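
One way to act on this recommendation while no patch is available, shown as an added example that is not Seafile's own code: a check, usable in a reverse-proxy hook or over access logs, that flags requests to "/accounts/login" whose `next` value is anything other than a same-site path. The function names and the sample request URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

LOGIN_PATH = "/accounts/login"  # endpoint named in the advisory


def is_local_target(target: str) -> bool:
    """True only for a same-site absolute path such as /library/abc/."""
    if not target or target != target.strip():
        return False
    # Browsers may drop control characters and treat "\" as "/",
    # so a value containing either is not trusted as a path.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    # A single leading slash is a path; "//host" is scheme-relative
    # and anything else may carry a scheme or a bare host name.
    return target.startswith("/") and not target.startswith("//")


def external_next(request_uri: str):
    """Return the decoded `next` value of a login request if it is
    not a same-site path, otherwise None."""
    parts = urlsplit(request_uri)
    if parts.path.rstrip("/") != LOGIN_PATH:
        return None
    # parse_qs percent-decodes, so encoded values are checked decoded.
    for value in parse_qs(parts.query).get("next", []):
        if not is_local_target(value):
            return value
    return None


# Constructed sample request URIs (not taken from the advisory).
SAMPLES = [
    "/accounts/login/?next=/library/abc/",
    "/accounts/login/?next=https%3A%2F%2Fother.example%2F",
    "/accounts/login/?next=%2F%2Fother.example",
    "/api2/ping/?next=https://other.example",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print("FLAG" if external_next(uri) else "ok  ", uri)
```

A flagged request can be rejected, or have its `next` parameter dropped, before it reaches the login view.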