CVE-2026-30587

medium

Red Hat

CVSS v3 Base Score

6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS Score

0.1%

Exploitation probability in 30 days

Top 71% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

Low

Availability

None

Published: March 25, 2026 (50 days ago)

Last Modified: March 25, 2026

Vendor: Red Hat

Source: REDHAT

Description

Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure updates. This allows authenticated remote attackers to inject malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags

CWE

CWE-79

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 gist.github.com 🔗 github.com

CVE-2026-30587

Vulnerability Report

Description

CWE

References