VYPR

npm package

@seafile/sdoc-editor

pkg:npm/%40seafile/sdoc-editor

Vulnerabilities (1)

  • CVE-2026-30587HigMar 25, 2026
    affected >= 3.0.0, < 3.0.75fixed 3.0.75

    Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15,13.0.16-pro,12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The application fails to properly sanitize WebSocket messages regarding document structure u