CVE-2026-30587 in Serverالمعلومات

الملخص

بحسب MITRE • 25/03/2026

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

MITRE

حجز

04/03/2026

إفشاء

25/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-353276

CPE

جاهز

CWE

CWE-287 (مؤكد)

CVSS

8.7 (NVD)

EPSS

0.00066

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-30587
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-30587
CVE Details	https://www.cvedetails.com/cve/CVE-2026-30587/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!