PT-2023-22023 · Seafile · Seafile
Published
2023-12-08
·
Updated
2023-12-12
·
CVE-2023-28873
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Seafile version 9.0.6
Description
An issue allows attackers to inject JavaScript into the Markdown editor in wiki and discussion pages. This is achieved through an XSS issue, which enables the execution of malicious scripts.
Recommendations
For Seafile version 9.0.6, update to a version that includes a fix for this issue to prevent JavaScript injection into the Markdown editor.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seafile