CVE-2026-30587: n/a
Multiple stored cross-site scripting (XSS) vulnerabilities exist in Seafile Server versions 13. 0. 15, 13. 0. 16-pro, 12. 0. 14 and earlier. These vulnerabilities arise from improper sanitization of WebSocket messages related to document structure updates in the Seadoc editor. Authenticated remote attackers can exploit this by injecting malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags. The vulnerabilities have been fixed in versions 13.
AI Analysis
Technical Summary
CVE-2026-30587 describes multiple stored XSS vulnerabilities in Seafile Server's Seadoc editor affecting versions 13.0.15, 13.0.16-pro, 12.0.14 and prior. The issue is due to failure to properly sanitize WebSocket messages that update document structure, allowing authenticated attackers to inject malicious JavaScript via the src attribute of embedded Excalidraw whiteboards or href attributes of anchor tags. This can lead to cross-site scripting attacks with limited impact on confidentiality and integrity, but no impact on availability. The vulnerabilities are fixed in versions 13.0.17, 13.0.17-pro, and 12.0.20-pro.
Potential Impact
Successful exploitation allows authenticated remote attackers to execute stored cross-site scripting attacks by injecting malicious JavaScript payloads. This can lead to limited confidentiality and integrity impacts, such as session hijacking or unauthorized actions within the context of the affected user. There is no impact on system availability. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade affected Seafile Server instances to version 13.0.17, 13.0.17-pro, or 12.0.20-pro or later, where these vulnerabilities have been fixed. Since this is not a cloud service, patching the server software is required to remediate the issue. Patch status is confirmed by the vendor's fixed versions. No additional mitigation steps are indicated.
CVE-2026-30587: n/a
Description
Multiple stored cross-site scripting (XSS) vulnerabilities exist in Seafile Server versions 13. 0. 15, 13. 0. 16-pro, 12. 0. 14 and earlier. These vulnerabilities arise from improper sanitization of WebSocket messages related to document structure updates in the Seadoc editor. Authenticated remote attackers can exploit this by injecting malicious JavaScript payloads via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags. The vulnerabilities have been fixed in versions 13.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-30587 describes multiple stored XSS vulnerabilities in Seafile Server's Seadoc editor affecting versions 13.0.15, 13.0.16-pro, 12.0.14 and prior. The issue is due to failure to properly sanitize WebSocket messages that update document structure, allowing authenticated attackers to inject malicious JavaScript via the src attribute of embedded Excalidraw whiteboards or href attributes of anchor tags. This can lead to cross-site scripting attacks with limited impact on confidentiality and integrity, but no impact on availability. The vulnerabilities are fixed in versions 13.0.17, 13.0.17-pro, and 12.0.20-pro.
Potential Impact
Successful exploitation allows authenticated remote attackers to execute stored cross-site scripting attacks by injecting malicious JavaScript payloads. This can lead to limited confidentiality and integrity impacts, such as session hijacking or unauthorized actions within the context of the affected user. There is no impact on system availability. No known exploits are reported in the wild.
Mitigation Recommendations
Upgrade affected Seafile Server instances to version 13.0.17, 13.0.17-pro, or 12.0.20-pro or later, where these vulnerabilities have been fixed. Since this is not a cloud service, patching the server software is required to remediate the issue. Patch status is confirmed by the vendor's fixed versions. No additional mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69c41f52f4197a8e3b733a29
Added to database: 3/25/2026, 5:45:54 PM
Last enriched: 4/3/2026, 1:35:25 PM
Last updated: 5/10/2026, 1:26:52 PM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.