Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-41079

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with PUT parámetro 'name' in '/api/v2.1/user/'.

  • Published: Dec 4, 2025
  • Updated: Dec 7, 2025
  • CVE: CVE-2025-41079
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
seafile / seafile - 12.0.14