HIGH
Seafile
CVE published 2026-03-25
CVE-2026-30587
CVE-2026-30587 is a high-severity stored cross-site scripting issue in Seafile Server’s Seadoc editor. The CVE entry says authenticated remote attackers can inject malicious JavaScript through WebSocket-driven document structure updates, specifically via the src attribute of embedded Excalidraw whiteboards or the href attribute of anchor tags. The issue is fixed in the listed Seafile releases, and the CVE [truncated]