Vulnerability Description
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixed in 3.3.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Filerise | Filerise | < 3.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fcProduct
- https://github.com/error311/FileRise/blob/7fee135a5b8feb25558aba0474bd6bb53943fcProduct
- https://github.com/error311/FileRise/releases/tag/v3.3.0Release Notes
- https://github.com/error311/FileRise/security/advisories/GHSA-h8fw-42v6-gfhvExploitVendor Advisory
FAQ
What is CVE-2026-25230?
CVE-2026-25230 is a vulnerability with a CVSS score of 4.6 (MEDIUM). FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain ...
How severe is CVE-2026-25230?
CVE-2026-25230 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25230?
Check the references section above for vendor advisories and patch information. Affected products include: Filerise Filerise.