CVE-2026-30587 in Serverinformation

Résumé

par MITRE • 25/03/2026

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

MITRE

Réserver

04/03/2026

Divulgation

25/03/2026

Modérer

accepté

Entrée

VDB-353276

CPE

prêt

CWE

CWE-287 (confirmé)

CVSS

8.7 (NVD)

EPSS

0.00066

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-30587
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-30587
CVE Details	https://www.cvedetails.com/cve/CVE-2026-30587/

◂ Précédent Aperçu Suivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!