CVE-2025-41080

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-41080

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41080.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-41080

Published

2025-12-04T12:16:22.153Z

Modified

2026-03-13T03:09:54.331700Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with POST parámetro 'p' in '/api/v2.1/repos/{repo_id}/file/'.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-seafile

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.0.14"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41080.json"